Figure 2 - uploaded by Carlos A. Liceaga
Content may be subject to copyright.
Source publication
Semi-Markov Specification Interface to the SURE Tool) program, which uses an abstract language for specifying Markov reliability models, is described in Butler (1986). The language has statements to specify the state space, by defining the state variables and their range; the start state, by the initial values of the state variables; the death stat...
Citations
... Dynamic (or active) redundancy techniques use fault detection followed by diagnosis and reconfiguration. Logical subsystems can be reconfigured [3]. Before component failures cause systems to irretrievably fail, the system can recover by logically replacing failed components with spares. ...
This paper discusses alternative architectural considerations for instrumentation and control (I&C) systems in high-reliability applications to support remote, autonomous, inaccessible nuclear reactors, such as a space nuclear power plant (SNPP) for mission electrical power and space exploration propulsion. This work supported the pre-conceptual design of the reactor control system for the Jupiter Icy Moons Orbiter (JIMO) mission. Long-term continuous operation without intermediate maintenance cycles forces consideration of alternatives to commonly used active, N-multiple redundancy techniques for high-availability systems. Long space missions, where mission duration can exceed the 50% reliability limit of constituent components, can make active, N-multiple redundant systems less reliable than simplex systems. To extend a control system lifetime beyond the 50% reliability limits requires incorporation of passive redundancy of functions. Time-dependent availability requirements must be factored into the use of combinations of active and passive redundancy techniques for different mission phases. Over the course of a 12 to 20-year mission, reactor control, power conversion, and thermal management system components may fail, and the I&C system must react and adjust to accommodate these failures and protect nonfailed components to continue the mission. This requires architectural considerations to accommodate partial system failures and to adapt to multiple control schemes according to the state of nonfailed components without going through a complete shutdown and restart cycle. Relevant SNPP I&C architecture examples provide insights into real-time fault tolerance and long-term reliability and availability beyond time periods normally associated with terrestrial power reactor I&C systems operating cycles. I&C architectures from aerospace systems provide examples of highly reliable and available control systems associated with short- and long-term space system operations. Reliability concepts are discussed, and differences between various redundancy management schemes are compared. Mission time-dependent availability requirements indicate that a SNPP I&C might employ different types of redundancy at different times in a mission. Conclusions are drawn regarding appropriate architectural features relative to mission duration and control system availability requirements.
... l k (that is, the number of redundant components for class k) do not (or do slightly) depend on k, SFB and SFBS should have more or less the same behaviour; but when some components have signiicant diierences in these values, SFBS should outperform SFB. To look at how these rules of thumb work out in a particular case, we study two versions of a Tandem computer, described in 7] (we follow here a later description in 9]). This computer is composed of a multiprocessor p, a dual disk controller k, two RAID disk drives d, two fans f, two power supplies ps, and one dual interprocessor bus b. ...
Very complex systems occur nowadays quite frequently in many technological areas and they are often required to comply with high dependability standards. To study their availability and reliability characteristics, Markovian models are commonly used. Due to the size and complexity of the systems, and due to the rarity of system failures, both analytical solutions and “crude” simulations can be inefficient or even non-relevant. A number of variance reduction Monte Carlo techniques have been proposed to overcome this difficulty; importance sampling methods are among the most efficient. The objective of this paper is to survey existing importance sampling schemes, to propose some new schemes and improvements on existing ones, and to discuss their different properties.
