2nd International Conference on Electrical and Electronics Engineering (ICEEE) and XI Conference on Electrical Engineering (CIE 2005)

Mexico City, Mexico. September 7-9, 2005

A Complex Fault-Tolerant Power System Simulation

M. Dumitrescu, T. Munteanu,1 D. Floricau, A. P. Ulmeanu2
1
Department of Electrical Engineering, Dunarea de Jos University Galati, Romania,
Phone 40 0236460182, Fax 40 0236460182 E-mail: mariana.dumitrescu@ugal.ro
2
Politehnica Bucuresti University, Romania,

The overall hierarchy of dependability model types is

Abstract –– A correct evaluation of the availability indices shown in Fig.1.
in the different vital areas of a complex power system needs a
fault events simulation. On this goal is used a high level type of
Generalized Stochastic Petri net (GSPN), modeling the system
behavior in each of the selected vital area. The paper
introduces a practical model to simulate the fault events
evolution and to evaluate the fault indices named Logical
Explicit Stochastic Petri Nets (LESPN). The paper exemplifies
the LESPN model for a simple fault-tolerant system and
extends the results for a complex power system. A simple
fault-tolerant multiprocessor system is used for a
comparative study of GSPN and LESPN models. The
complex fault tolerant system presented in the paper is
the isolated electric ship power system.

Keywords –– Power System, Fault Tolerant Systems,

Availability, Stochastic Petri Nets
Fig. 1 Power hierarchy among the dependability model types.

I. INTRODUCTION To describe the Markov chain (MC) for a complex

In performing the simulation of the fault events of a
power system an important task is the system logic
representation (specification of all system operational and
failure states, as well as relationships between them).
There are three approaches available for availability
prediction of fault-tolerant systems [1]: combinatorial
models, simulation technique (Monte-Carlo), Markov and
Semi-Markov models. Combinatorial models have a
limited availability modeling power. The disadvantage of
this approach appears in case of high reliable fault-tolerant
systems, when a very large number of simulation cycles
are needed to obtain statistically meaningful results.
The dependability models differ from one another in
terms of modeling power. Modeling power of a model type
is determined by the kinds of dependencies within
subsystems that can be computed. For instance, if various
components of a system share a repair dependency among
components, than Stochastic Petri Nets (SPN) can easily
model such a repair dependency [2].
The common dependability model types are the
following: reliability block diagrams (RBD); fault trees
without repeated events (FT); fault trees with repeated
events (FTRE); reliability graphs (RG); continuous-time
Markov chains (CTMC); generalized stochastic Petri nets
(GSPN) [3], [4], [5], [6].
system, became a very difficult task. In this case a
stochastic Petri net (SPN) equivalent to MC, is usually
used in modeling power system failure-repair behavior [3],
[4].
This paper uses the power system availability model
based on GSPN model, but having a simplified structure,
named Logical Explicit Stochastic Petri nets (LESPN)
developed by the authors. The model is used for the fault
event simulation of the complex power system of an
electric ship. A comparative study of the vital areas faults
indices may be performed using the LESPN model.
The structural simplified LESPN model is obtained
extracting from inside the GSPN model the logical
subnets. So the logical conditions of system performance
are explained outside the GSPN model. Including
predicate/transitions nets facilities, we obtain a great
structural simplification of the model. The arc label of the
colorate Petri net dictates how many and which kinds of
"colored" tokens will be removed from or added to the
places. The GSPN properties and the high level colored
Petri net facilities (using predicates/ transition set) are
combined, to create the set of primitive architectural
modules. used to construct a modular architecture for
power system behavior modeling.
Section 2 exemplifies the LESPN model for a simple
fault-tolerant multiprocessor system. Section 3 presents the
LESPN models for the vital areas of the complex power
supply systems. Section 4 gives the fault analysis computed

IEEE Catalog Number: 05EX1097

ISBN: 0-7803-9230-2 267
0-7803-9230-2/05/$20.00 ©2005 IEEE.
Authorized licensed use limited to: DELHI TECHNICAL UNIV. Downloaded on September 8, 2009 at 03:37 from IEEE Xplore. Restrictions apply.
indices and presents the a comparative study for the TOP
complex fault tolerant system vital areas. 8

II. LESPN MODEL FOR THE FAULT-TOLERANT 7 N

MULTIPROCESSOR SYSTEM

The fault- tolerant multiprocessor system (FTMS) with 5 6

shared memory M3 it is an example for this paper [7]. The
multiprocessor architecture has two processors P1 and P2,
P2 P1
each having a private memory M1 and M2 respectively. A 1 2 3 4
processing unit consists of a processor and its memory. Each
processing unit is connected to a mirrored-disk system. Both D21 D22 M 2 M3 D11 D12 M 1 M3
processing units are connected via an interconnection
network N. The system is functional while N is functional Fig. 2 FTRE model for FTMS.
and at least one of the processing subsystems is functional.
The logical conditions of system failure are modeled
For a processing subsystem to be functional, the processor,
using RP2, RP3 subnets in fig.3c,d. RP1 subnets use timed
the memory module and at least one of the two disks must
stochastic transitions and build the „events modeling
be functional.
subnet” (EMS). RP2, RP3 subnets, which are modeling the
In systems dependability modeling we have random (C1, C2 ...Cn) logical conditions leading to the system failure
variables as function time, repair time. A SPN is able to D(x), use immediate transitions and built the „logical
associate a time random variable to the timed transition and subnet” (LS). RP2 subnet (AND type condition) is modeling
also an exponential low for the random variable „time of the system failure, if all the (C1,C2,....Cn) conditions are true.
transition execution”. Starting to a combinatorial model, RP3 subnet (OR type condition) is modeling the system
fault trees with repeated events (FTRE), presented in Fig. 2, failure, if one of the (C1,C2,...,Cn) conditions is true.
LESPN model is built. In [3] also GSPN model is built
starting to the combinatorial model - fault trees with
repeated events the (Fig.3)

P2

D21

D22

M2

2
M3 DS

N
M1

D11

D12
P1

a
C1 C1
F(x) D(x) K D(x) K D(x)
K
C2 C2

RP1 Cn RP2 Cn RP3

b c d

Fig.3 GSPN model for FTMS (a), events modeling subnet (b), AND logical subnet (c), OR logical subnet (d).

IEEE Catalog Number: 05EX1097

ISBN: 0-7803-9230-2 268

Authorized licensed use limited to: DELHI TECHNICAL UNIV. Downloaded on September 8, 2009 at 03:37 from IEEE Xplore. Restrictions apply.
 LJ(8)
5;6
<e>
<e>
(D11,6)
(D21,5)
D<e> D<e> O<P>
O<D> T1 P<e>
<D>
D<e> <e> D<e>
(D12,6)
(D22,5)
Fig. 4 Colorate having predicates/transition LESPN model for FTMS.
The combinatorial model is composed of: fourth level
gates AND(1), AND(2), AND(3), AND(4), third level gates
OR(5), OR(6), second level gate AND (7) and fist level gate
OR(8). LESPN algorithm built LESPN subnets beginning
with the biggest level gates. We elaborate the LESPN
subnets for the AND(1), AND(2), AND(3), AND(4) gates.
We elaborate LESPN subnets for third level OR(5), OR(6)
gates which are connected to the subnets of fourth level
gates. Than we elaborate the LESPN subnet for the second
level AND(7) gate.
The next step of the algorithm is to colorate the LESPN
and to elaborate the predicates/transition sets presented in
Fig. 4. Then we built the LESPN subnet for the first level
OR(8) gate, beginning with N primary event of the gate. The
LJ(8) place is connected with aut-arcs to the stochastic
transitions and with in-arcs to the immediate transitions of
the LESPN for AND gates.
The GSPN model type is situated on the top of power-
modeling hierarchy. But, this model presents some limits
because the logical subnet (LS) used in operational
dependency modeling and logical system performance
conditions modeling. This element implies a very large
GSPN model even for simple systems and make very
difficult to build the GSPN model for a repairable complex
system.
The new proposed model does not use the LS in
dependability modeling. The logical performance conditions
of the system are modeled outside the SPN, in a SPN
associate table. The new SPN structure uses only the events
modeling subnet (EMS).
Comparing to the GSPN model, the new SPN model, has
the following advantages:
- it uses a higher level PN, colored and having
predicates/transition, implying a very easy to use and
intuitive structure;
- its dimensions are reduced, implying a simplified
dependability evaluation:
- it uses only the EMS modular architecture;
IEEE Catalog Number: 05EX1097
ISBN: 0-7803-9230-2
Authorized licensed use limited to: DELHI TECHNICAL UNIV. Downloaded on September 8, 2009 at 03:37 from IEEE Xplore. Restrictions apply.
<k> N <D>={D11,D12,,D21,D22}
ON <M>={M1,M2,M3}
<e> <e>={5,6}
<e> <P>={P1,P2}
(M1,6) D<e>={(D11,6),(D12,6),D21,5),(D22,5)}
(M2,5)
<e> M<e>={(M1,6),(M2,5),(M3,5,6)}
M3<e> M<e> P<e>={(P1,6),(P2,5)}
M3<e>={(M3,5),(M3,6)}
T2 O<M> <K>={5+6,5+06,6+05}
<M> PERFORMANCE
<e> M<e> if ( # marks (LJ(8)==0)
AVAIL = 0;
(M3,5,6) else AVAIL =1;
- the system logical conditions are modeled outside the
SPN, in the logical table "PERFORMANCE";
- the operational dependencies between the system
components, associate to EMS different modules, are
modeled by the arcs set and the predicates/transition set;
- the system behavior does not posses the vanishing
markings created by the LS of GSPN model;
- it is easy to extend the model from non repairable system
to the repairable system, only adding the transitions for the
repair events of the components.
III. LESPN MODEL FOR THE COMPLEX FAULT-TOLERANT
POWER SYSTEM
The electric ship power system is an isolated one,
usually having a single sectioned busbar system. The fault
tolerant power system has automatically coupled Diesel
generators to different busbar sections, improving the
system availability (Fig. 5a). The Diesel generators and the
most important consumers, such as the redundant motors
of the principal fuel pumps power supply are coupled to
the 380Vac main busbar (A-B).
The four 800kVA Diesel generators G1, G2, G3, G4 are
used for consumers power supply during the navigation
time. The auxiliary busbar (E) and the coupled generator
Ga is used in case of failure of the main power plant. The
220Vac consumers are coupled to the secondary busbar
(F). Two redundant transformers, noted T1 and T2, provide
the 220V power supply.
A very important task of the simulation process is the
correct evaluate of the availability indices of different vital
areas power supply systems. On this goal we build LESPN
models associated to these particular power systems. The
most important areas for the power system, are: the A, B
sections of the main busbar and the E, F sections of the
auxiliary power plant.
269
 Fig. 5 The redundant M consumer power supply (a) and the associated
LESPN model for this vital area power supply system (b).

The LESPN model has four architectural modules
according to levels of the power system presented in Fig.
5a:
x the G redundant generators system (cold
redundancy with hypercritical switches I, having
failure possibilities before and after coupling);
x the busbar sections A, B connected by K switch;
x the busbar E of the auxiliary generator Ga;
x the secondary busbar F of the redundant
transformers T1 and T2.

IEEE Catalog Number: 05EX1097

ISBN: 0-7803-9230-2 270

Authorized licensed use limited to: DELHI TECHNICAL UNIV. Downloaded on September 8, 2009 at 03:37 from IEEE Xplore. Restrictions apply.
 All the architectural modules use transitions modeling
fault events (exponential distributed, fault rate O) and also
repair events (exponential distributed, repair rate P) [5].
The system functional dependencies are modeled of the
arcs coupling the architectural modules. Performance
logical conditions are presented in the LESPN associated
table (Fig. 5b).
The system behavioral states are divided, by the
logical conditions, into the following subsets: (M1) the
first M motor success states, (M2) the second M motor
success states, (M1-M2) both M motors success states, the
failure states (the rest of states). The predicates/transition
sets from Figure. 4b, noted <*> generally, dictate how
many and which kind of tokens are moving in each of the
transition execution type.
IV. FAULTS ANALYSIS COMPARATIVE STUDY
A computerized tool, Stochastic Petri Nets Evaluation
(SPNE) using Visual Basic software, for complex repairable
power system simulation and faults indices prediction was
developed. Fault analysis metrics computed with SPNE tool
(considering a planned operational time Tp= 80000 h) are
the following: general availability indices as system success
probability, system failure probability; special availability
indices (for some of the system significant points) as partial
success probability of first M motor, second M motor and
power system availability specific indices as, the average of
failure total time M[E(TP)], the average of success total time
TABLE I
THE FAULTS ANALYSIS INDICES OF THE ELECTRIC SHIP ISOLATED POWER SYSTEM
AVAILABILITY LEVEL/ PROBABILITY
AVAILABILITY METRICS PS/PSP1/PSP2/PR
Success A_B/ PS 0.9976899
Partial success A/ PSP1 1.1541208E-03
Partial success B/ PSP2 1.1541208E-03
Failure A_B/ PR 1.5874528E-06
Success E_F/ PS 0.98977345
Partial success E/ PSP1 2.658831E-04
Failure E_F/ PR 2.785532E-05
V. CONCLUSION
The structural simplified model (LESPN), having the same
modeling power as GSPN, is more practical for engineering
applications, more easy to understand and also very adequate
in power system faults events simulation. Different
IEEE Catalog Number: 05EX1097
ISBN: 0-7803-9230-2
Authorized licensed use limited to: DELHI TECHNICAL UNIV. Downloaded on September 8, 2009 at 03:37 from IEEE Xplore. Restrictions apply.
M[D(TP)], the average of failure interruptions total number
M[Q'(TP)], the average of maneuver interruptions total
number M[Q(TP)].
For availability metrics evaluation, SPNE tool
constructs the reachability graph (RG) of the bounded
GSPN, the reduced RG (obtained by reducing the
vanishing markings) and the MC isomorphic to reduced
RG, both modeling the failure-repair behavior of tested
power system. Also the SPNE tool constructs the subset:
success states, failure states, partial success states
associated to the structure states process of the system.
LESPN complex models associated to the other
important nodes in the analyzed system: the A, B sections
of the main busbar the C, D sections of the secondary
busbar, E, F sections of the auxiliary power plant are also
built.
The faults indices, availability specific indices
(Tp= 80000h) are presented in Table I. A comparative
study of faults indices for all the vital areas shows the
greatest success probability and availability specific
indices for A, B sections of the main busbar and the small
ones for the redundant M motors power supply system. But
in the last case the partial success probability of a single M
motor power supply system has the greatest value.
M[Q(TP)] M[Q'(TP)] M[D (TP)]uE+04 M[E(TP)]
18.4690 107.677 7.98151 184.800
78.144 432.718 7.89846 1015.32
availability metrics are evaluated using LESPN model and
on this purpose a specialized software was created.
In the designing phase this model and the associated tool
can be easily used for comparative study. The computed
indices can be used in technical-economical studies, for the
vital areas of the analyzed power supply system. The
271
simulation is a very exact one, because are used complex
LESPN which are capable of modeling all the functional
dependencies between the system elements and also the
correct fault-repair behavior for the tested power system.
Fault maintenance and fault diagnosis is also an important
area of application of SPNE simulation tool.
REFERENCES
[1] M. Dumitrescu, „Efficiency and Reliability on Power Systems”,
edited on Didactica and Pedagogica” Bucuresti 2003, ISBN 973-
30-2187-3, pp. 150-161.
[2] M. Dumitrescu, A.P. Ulmeanu, „Mathematical Techniques for
Power Engineers.”, edited on Academica Galati 2000, ISBN
973- 98858- 4- 5, pp. 266-275.
IEEE Catalog Number: 05EX1097
ISBN: 0-7803-9230-2
Authorized licensed use limited to: DELHI TECHNICAL UNIV. Downloaded on September 8, 2009 at 03:37 from IEEE Xplore. Restrictions apply.
[3] M. Malhotra, and K, S Trivedi, “Power-Hierarchy of
Dependability- Model Types” IEEE Trans. Reliability, no 3,
(1994).
[4] M. Malhotra, and K, S Trivedi, “Dependability modeling using
Perti nets” IEEE Trans. Reliability, no 3, 1995.
[5] M Shooman, “The equivalence of reliability diagram and fault-
tree analysis” IEEE Trans. Reliability, May, pp. 74_78, (1970).
[6] N, Viswanadham, “Composite Performance-Dependability
Analysis of Cellular Manufacturing Systems”. IEEE Trans on
Robotics and Automation, nr. 2, 1994.
[7] Dumitrescu M., Munteanu, T, Floricau D. 2003. „Fault-Tolerant
Multiprocessor Analysis”. IEEE International SYMPOSIUM on
Theoretical Electrical Engineering, ISTET’03. Faculty of
Electrical Engineering, Warsaw University of Technology, 6-9
July, Proceedings 405-408.
272