XML-based modeling method of phased-mission systems subject to probabilistic common cause failures

Abstract

With the increasing of system scale and the growing of functional requirements and interactions within and/or among system hierarchies, there are more difficulties for safety engineers to carry out their works. Especially, the research on phased mission system (PMS) with probabilistic common cause failures (PCCFs) is still in the initial stage and has a lot of limitations, because the current researches have not yet considered the dynamic characteristics of PMSs. In this paper, a modular method is proposed as the theoretical basis to construct the components model in the PMS with PCCF. The relationships between common cause events were discussed and the probabilistic model of CCFs is extended, so that the model can fit for different statistical relations, and a module-based modeling and analysis method using binary decision diagram (BDD) and Markov model were proposed to deal with static and dynamic module in PMS respectively. Moreover, a standardization of description method for modular method using extensible markup language (XML) is given, based on which the system reliability model can be constructed by computer aided. Finally, the proposed method is demonstrated through a case study.

Keywords

Probabilistic common cause failure phased-mission system Markov method XML standardization automatic generation of model

1. Introduction

Complex systems (e.g., electronic system, aerospace system and nuclear power system) usually contain several subsystems with different functions. In many practical applications, a successful mission requires the system to accomplish multiple, consecutive and non-overlapping phases of operation or tasks successfully [1]. With each phase conversion, the working mode, environment condition, system configuration and failure criterion of components may be changed. A classic example is a geosynchronous orbit satellite (GEOS) which involves launch, transfer orbit, quasi synchronous orbit and synchronous orbit phases. If there are two subsystems of attitude control (SAC), one SAC is needed during the synchronous orbit phase, while two SACs are needed during the transfer orbit phase. Moreover, the SACs are far more likely to fail because of the enormous stress, more complex work pattern and more complex work condition in transfer orbit phase. Systems used in these missions are called phased-mission systems (PMS). The research of reliability evaluation on PMS has been expanded since 1970s. On the one hand, the existing methods can be divided into analytical methods and simulation methods. The analytical methods are further divided into three classifications: 1) combinatorial methods [2], in which binary decision diagram (BDD) method is primarily used. They are valid in the analysis of non-repairable systems; 2) state-based approaches [3, 4], which chiefly utilize Markov method. They are able to consider every possible state space of the repairable system, but may result in the state space explosion problem when there are a great number of components in the system; 3) modular methods [5 –9], which are proposed to evaluate the repairable PMS with a great number of components. For example, there is a modular method, which is the combination of the BDD method and Markov method [9]. The BDD method is used to analyze the static modules, while the Markov method is used to deal with the dynamic modules. Furthermore, it is applied to the PMS with large number of repairable components. On the other hand, the study of the PMS concentrated in two areas. One is to improve the calculation efficiency [10], the other is system model analysis for all kinds of specific functions subject to PMS, such as the model analysis based on the requirement [11], the model analysis based on the failure propagation [12], and the model analysis based on the common cause failure [2, 13].

Because of the impacts of space, environment and the human errors during design and manufacture process, the failures among every component are no longer independent failure events. The failures of multiple components may be caused by a single cause, and are called common cause failures (CCFs). Many studies have shown that CCFs contribute greatly to the overall system failure probability. Therefore, it is essential to consider the effects of CCFs for accurate reliability and safety modeling and evaluation of critical systems. According to the failure mechanism, CCF can be divided into two kinds, i.e. internal failure and external failure [2]. On the other hand, according the same or different failure probabilities of similar components subject to common causes (CCs), CCFs can be divided into two types, i.e. symmetric CCFs (SCCFs), that is the failure probabilities of similar components subject to CCs are same. The other is asymmetry CCFs (ACCFs), which means the failure probabilities of similar components subject to CCs are difference. The research of ACCFs generally thinks that the effect on components subject to CCs has a certain probability, rather than a certain role. Moreover, CCs can be divided two types. Deadly CCs, it will cause all components failure completely in a common cause group (CCG). The other is non-fatal CCs, it can only cause partial damage on components. For the ACCFs, a specification definition was proposed and it came up with the concept of probabilistic CCFs (PCCFs) and the logic gate of PCCF [14]. For example, for the sensor systems in a forest, due to the common cause of explosion in the theater, the failure probabilities of the sensor is “1”; however, failures caused by humidity are PCCFs because different sensors are resistant to different levels of humidity and thus may fail with different probabilities as the humidity level increases. Obviously, analyzing the system reliability according to the former situation will make the calculation result lower. So to be different from the CCG in the DCCF, the CCG in the PCCF was referred as probabilistic CCG (PCCG) hereafter [15]. Afterwards, the author also analyzed the reliability of the static and dynamic fault for the tolerance system [16]. An explicit method and an implicit method were proposed to analyze the reliability of systems subject to internal or external PCCFs [17]. And then, an explicit method and an implicit method were proposed to analyze reliability of PMSs with PCCFs caused by external shocks [15]. In recent years, a modular method was proposed, which combines the BDD and Markov methods to deal with the static and dynamic behaviors of the components respectively in the PMSs with PCCFs [18, 19].

With the increasing of system scale and the growing of functional requirements, the complex large-scale systems gradually tend to be highly integrated. The internal structure and functional interactions among hierarchies become more and more complex and confusion, which bring more difficulties and challenges to safety engineers to carry out safety work such as risk identification and accident process analysis. Automatic modeling and automatic analysis of system model are becoming an inevitable trend of research. In 1991, the methodology for automated analysis of phased missions was proposed, which is based on the solution of a discrete-state continuous-time Markov model [20]. In 1999, in order to simplify the model check of concurrent systems, the study worked in progress towards the construction of an environment for automatic verification based on transforming Promela models using abstract interpretation as a formal basis [21]. In 2007, an XML (Extensible Markup Language) based standard for the structural description of various types of decision diagrams was proposed [22]. With the development of the reliability analysis software, the reliability analysis of PMS was becoming more and more convenient. Even if there are so many software available to perform the mathematical analysis of the model but its construction, which is used as input to the software, is undertaken manually. The method based of Petri nets and simulation methods to realize the automatic generation of PMS develops gradually [23, 24]. In recent years, a standardization of description method was proposed, which for tracking, telemetry and command resources metadata and tasks using XML is given. Based on this description, the system reliability model can be constructed by computer aided. The value rules of transition rate matrix in Markov model are analyzed, and an automatic generation algorithm of Markov model is proposed [25].

In conclusion, most of the existing researches on PCCFs assume that the system is just in a single phase mission, but the researches on PMSs with PCCFs are more complex. The research on PMSs with PCCFs is still in the initial stage and has a lot of limitations. In the practical application, moreover, PMSs usually have a larger scale, which means that the reliability analysis based on artificial calculation is not only inefficient, but also the accuracy of the calculation results cannot be guaranteed. What’s more, most of the researches on the automated implementation of the PMS model are essentially different from the PMSs with PCCFs system described in this article. In order to solve the above problems, a method for PMSs with PCCFs, which have been studied by the authors before [18 , 26], will be used as the theoretical framework of the method proposed in this paper. Firstly, the event space of probabilistic common cause event including various combinations of CCs non-occurrence and occurrence is set up. It can handle all kinds of statistical relationships among CCs, which can be s-independent, mutually exclusive and s-dependent. Secondly, the unreliability model for a PMS without considering the influence of the PCCFs is constructed by the modularized modeling method. Thirdly, the unreliability of the PMS subject to each PCCE is evaluated using BDD method and Markov method to deal with static and dynamic modules respectively. Finally, total probability law is used to calculate the reliability of PMS. Then, the steps of the method will be divided into two categories, namely, the steps that require manual computation and the steps that need to be automatically implemented by the computer. For the automatic process, XML is introduced to describe BDD model and Markov model respectively, and some algorithms are developed to read and calculate the models in XML schema automatically, which makes the method more convenient and efficient.

The rest of this paper is organized as follows. In section 2, the problem and the assumptions of this research is described. In section 3, several basic methods are introduced. In section 4, we will give a brief review of the previous methods and then explain which steps need to be implemented according to the previous method, and which steps need to be automated to implement improvements. In section 5, we will explain the detailed steps that need to be automatically implemented by the computer. In section 6, a case study is presented in order to demonstrate the applicability of the method. And section 7 will give some conclusions.

2. System description

This paper aims to propose a framework and methods that can be used to assess the reliability of PMSs-PCCFs. The systems may be influenced by multiple PCCFs, and the relationship between the different CCs may be subject to different statistical correlation (including mutually exclusive events, statistical correlation, statistical independence, etc.). A component in system can be affected by more than one CC within one phase or among different phases. The following four assumptions are applied to the proposed methods:

The components on the system are unrepaired.

The failure probabilities of different components by internal failure propagation or external PCCFs are independent.

Component failures obey the exponential distribution.

Let CC_ij be the jth CC in the phase i. It appears at the beginning of the phase i and disappears at the end of this phase. That is, the time of the component affected by CC_ij is the duration of the phase i.

3. Basic methods

Modular modeling method is adopted in this paper, and the combination of the BDD method and Markov method is used to model the PMS. Finally, the influence of PCCFs is added into the calculation results by the implicit method [14 , 26].

3.1. BDD method

Based on the Shannon’s theorem, BDD method can be expressed as the if-then-else format as follow [2]:

$\begin{matrix} f = ite (x, f_{x = 1}, f_{x = 0}) = ite (x, F_{1}, F_{0}) \\ = x • F_{1} + \bar{x} • F_{0} \end{matrix}$ (1)

The Equation (1) indicates if x = 1 then F₁ = f_x=1, even if x = 0, then F₀ = f_x=0.

Considering two sub-BDD models to represent different components in the ite format as follow: $G = ite (x, G_{x = 1}, G_{x = 0}) = ite (x, G_{1}, G_{2})$ (2) $H = ite (y, H_{y = 1}, H_{y = 0}) = ite (y, H_{1}, H_{2})$ (3)

The rules to put these two sub-BDD models together in one BDD model are $\begin{matrix} G * H = ite (x, G_{1}, G_{2}) * ite (y, H_{1}, H_{2}) \\ = {\begin{matrix} ite (x, G_{1} * H_{1}, G_{2} * H_{2}) index (x) = index (y) \\ ite (x, G_{1} * H, G_{2} * H) index (x) < index (y) \\ ite (x, G * H_{1}, G * H_{2}) index (x) > index (y) \end{matrix} \end{matrix}$ (4)

Let the Boolean expressions of the identical component X in phase i is G and in phase j is H. ${\begin{matrix} G = ite (A_{i}, G_{1}, G_{2}) \\ H = ite (A_{j}, H_{1}, H_{2}) \end{matrix}$ (5)

The rules to put these two sub-BDD models together in one BDD model are

$\begin{matrix} ite (A_{i}, G_{1}, G_{2}) * ite (A_{j}, H_{1}, H_{2}) \\ = ite (A_{j}, G * H_{1}, G * H_{2}) \end{matrix}$ (6)

3.2. Markov method

The analysis steps for solving dynamic modules using the Markov model are as follows.

Define the status space of the dynamic module M.

Let $W = {S_{1}, S_{2}, \dots, S_{n}, \bar{S_{1}}, \bar{S_{2}}, \dots, \bar{S_{n}}}$ is the state space. Let E ={ S₁, S₂, …, S_n } is the success state, and $F = {\bar{S_{1}}, \bar{S_{2}}, \dots, \bar{S_{n}}}$ is the failure state.

Describing state transition diagram.

Let S_i (S_i ∈ W) is the state of module M at t moment, and the probability is P_i (t).

Construct the state transition equation on the basis of the second step and the third step.

Solve the state transition equation

Calculate the total failure probability of the system.

3.3. Implicit method

The chief steps of implicit method are as follows.

Set up the event space of probabilistic common cause event (PCCE) including various combinations of CCs non-occurrence and occurrence.

Construct the unreliability model for a PMS without taking influence of PCCFs into account.

Evaluate the unreliability of the PMS subject to each PCCE.

Use total probability law to calculate the reliability probability of the PMS.

3.4. The basic concepts of XML

Extensible Markup Language (XML) [27] represents a special purpose markup language. It is intended to define, store, and transmit data information, in order to facilitate the exchange of data between various Web based applications. The XML framework proposed in this paper consists of several separate components, including XML Schema, XML Document and XML Parser, and their relationships are shown in Fig. 1 [22].

Fig. 1.

XML framework.

4. The proposed modular modeling method based on XML

In reference [26], we have proposed a modeling and analysis method for PMS. In the analysis process, however, we found that as the number of system components increases, the efficiency of manual computing is reduced, and the accuracy is difficult to guarantee. Based on the previous research, we make further improvement to the method to achieve some steps automatically. The improved method is described as follow.

Step 1. construct the event space, including various combinations of CCs non-occurrence and occurrence, and then calculate all probabilities of every event.

In order to simplify the description, take two CCs as an example. Let P₁ be the probability of event CC₁₁; let P₂ be the probability of event CC₁₂. The relationships as follows:

mutually exclusive CCs

$\begin{matrix} P ({PCCE}_{1}) = 1 - P_{1} - P_{2}, P ({PCCE}_{2}) = P_{1}, \\ P ({PCCE}_{3}) = P_{2}, P ({PCCE}_{4}) = 0 \end{matrix}$ (7)

s-independent CCs

$\begin{matrix} P ({PCCE}_{1}) = (1 - P_{1}) \times (1 - P_{2}), \\ P ({PCCE}_{2}) = P_{1} \times (1 - P_{2}), \\ P ({PCCE}_{3}) = (1 - P_{1}) \times P_{2}, \\ P ({PCCE}_{4}) = P_{1} \times P_{2} \end{matrix}$ (8)

s-dependent CCs

$\begin{matrix} if Pr {{CC}_{11} / {CC}_{12}} = P_{h}, Pr {{CC}_{11} / \bar{{CC}_{12}}} = P_{\bar{h}}, \\ then P ({PCCE}_{1}) = (1 - P_{2}) \times (1 - P_{\bar{h}}), \\ P ({PCCE}_{2}) = (1 - P_{2}) \times P_{\bar{h}} \\ P ({PCCE}_{3}) = P_{2} \times (1 - P_{h}), \\ P ({PCCE}_{4}) = P_{2} \times P_{h} \end{matrix}$ (9)

Step 2. Combine the modularized modeling method to construct the unreliability model for the PMS without considering the influence of PCCFs. The simplest BDD model of the system is obtained, whose bottom events are the independent modules.

Step 3. Evaluate the conditional unreliability probabilities of each module. Firstly BDD method is used for the static modules while Markov method is used for the dynamic modules. Secondly, The BDD and Markov methods are described formally using the XML. Finally, read the XML document and combine the algorithm rule to obtain the conditional probability of each module under each PCCEs.

Let λ_ix be the local probability rate of component x in phase i. Let λ_ijx be the probability rate of component x subject to CC_ij. Let T_i be the duration time of the phase i. The conditional probability of component x of static modules subject to PCCE_n is

$\begin{matrix} P (x | {PCCE}_{n}) \\ = 1 - e^{- \sum_{i = 1}^{i} λ ix T_{i}} e^{- \sum_{i = 1}^{i} \sum_{j = 1}^{j} λ_{ijx} T_{ij}} \end{matrix}$ (10)

The conditional failure probabilities of the static modules will be calculated according to the logical expression and the conditional probability of components.

Let P_M be the local probability of the static module. Let P_{cc
_i} be the probability of the static module subject to CC_i. The conditional failure probabilities of the static modules subject to PCCE_n is

$\begin{matrix} Pr (M_{dy} fails | {PCCE}_{n}) \\ = 1 - (1 - P_{M}) \prod_{i = 1}^{k} (1 - P_{{cc}_{i}}) \end{matrix}$ (11)

Step 4. Analyze the conditional unreliability of the PMS under each PCCEs. It is similar to the solution of the static module in the step 3.

Step 5. Analyze the reliability of PMS. In this step, we will use total probability law to calculate the unreliability probability of PMS. The evaluation formula considering the effects of PCCFs is shown below.

$\begin{matrix} R = Pr (PMS success) \\ = 1 - \sum_{n = 1}^{2^{L}} [Pr (PMS failure | {PCCE}_{n}) \\ • Pr ({PCCE}_{n})] \end{matrix}$ (12)

5. Modeling and automatic computation using XML

In this section the BDD and Markov methods are described formally using the XML.

5.1. Date structure and XML implementation

5.1.1. BDD method in XML

The XML framework used for BDD method can be regarded purely as chain structure. Each node is represented as one entity storing the identification of the node. There are three data types contained in each node of BDD model, shown in Fig. 2. The “truepath” represents the “1” edge of each node. The “falsepath” represents the “0” edge of each node. The “next” represents the next node.

Fig. 2.

Data structure for BDD’s node.

The XML Schema mechanism is used to specify custom XML data types that correspond to the schema of the elements shown in Fig. 3. In the XML schema specification we define a basic complex element type “BDD”. It contains several complex element types “stateType”. Each “stateType” includes a simple element type “truepath”, a simple element type “falsepath”, several element types “λi”, several element types “ti”, several element types “ λij” and several element types “tij”. The complete description of XML Schema is given in Appendix I. The case study in session 6 will give a better view of data structures and XML Schema discussed.

Fig. 3.

Date types of XML Schema specification for BDD method.

5.1.2. Markov method in XML

The XML framework for the Markov method is a chain structure as well. There are two data types contained in each node of Markov model, shown in Fig. 4. The “pointto” represents the next state or previous state of this node’s state, while the “next” represents the next node.

Fig. 4.

Data structure for the node of Markov method.

The XML Schema mechanism is used to specify custom XML data types that correspond to the schema of the elements shown in Fig. 5. In the XML schema specification we define a basic complex element type “Markov”. It contains several complex element types “stateType”. Each “stateType” includes several complex element types “pointtoType”, and two property elements e.g. “name” and “id”. Each “pointtoType” includes a simple element type “nameType” and a simple element type “variableType”. The complete description of XML Schema is given in Appendix II. The case study in session 6 will give a better view of data structures and XML Schema discussed.

Fig. 5.

Date types of XML Schema specification for Markov method.

5.2. Automatic algorithm

To realize automatic processing, the variables are summarized based on BDD and Markov model calculation rules firstly. Then an automated algorithm is developed, and a quantitative analysis of the model is carried out with the help of the mature reliability analysis software.

5.2.1. Automatic algorithm for BDD method

For the BDD method, if we know the logical structure of the BDD model and then bring data into it, we will get the result of BDD calculation. So it is very important to obtain the expression for the BDD model. Then it is easy to obtain the reliability probability by the reliability analysis software. The automatic algorithm for XML Schema of BDD method is shown in Fig. 6.

Fig. 6.

Automatic algorithm for BDD method.

Step 1. Read XML document of BDD model and then get the node list and each node parameters.

Step 2. Traverse all the paths that from first node to node “1”.

Step 3. Evaluate the probability of each node in the same path. Let Subt is the node calculation formula refer to Equation (10). If it is “truepath” then Subt = Subt, otherwise Subt = 1-Subt.

Step 4. Evaluate the probability of each path. Let t is the probability of occurrence of the path. If there are n nodes in one path. Then, $t = \prod_{i = 1}^{n} {subt}_{i}$ .

Step 5. Evaluate the probability of BDD model. Let T is the probability of occurrence of the top event of BDD model. If there are n paths in BDD model, then, $T = \sum_{i = 1}^{n} t_{i}$ .

5.2.2. Automatic algorithm for Markov method

Continuous-time Markov chains first-order differential equation is [28] $\frac{d p}{d t} = p (t) • A^{*} • A^{*} = [\begin{matrix} - \sum_{j = 1}^{N} a_{0 j} & a_{01} & ... & a_{0 N} \\ a_{10} & - \sum_{\begin{array}{l} j = 0 \\ j \neq 1 \end{array}}^{N} a_{1 j} & ... & a_{1 N} \\ ... & ... & ... & ... \\ a_{N 0} & a_{N 1} & ... & - \sum_{\begin{array}{l} j = 0 \\ j \neq N \end{array}}^{N} a_{N j} \end{matrix}]$ (13)

Similar to BDD method, it is important to obtain the A^* for the Markov model as well. Then it is easy to obtain the reliability probability by the reliability analysis software. The automatic algorithm for XML Schema of Markov method is shown in Fig. 7.

Fig. 7.

Automatic algorithm for Markov method.

Step 1. Read XML document of Markov model and then get the node.

Step 2. Traverse all nodes from first node to last node.

Step 3. Get all child nodes “pointto” of each node.

Step 4. Get the jump node “variable” of each child node. The “variable” is stored as a_mn.

Step 5. The a_mn is output in matrix form.

Step 6. the final result will be obtained by referring to Equation (13).

6. Case study

6.2. System introduction

The satellite is a typical PMS, and the unreliability of a geosynchronous orbit satellite (GEOS) in the first time of orbital transfer is evaluated in Ref. [25], but the effect of PCCF is not considered. In this paper, it is chosen as a case study to demonstrate the applicability of the proposed method. All components of GEOS are shown in Table 1.

Table 1
The introduction of components and subsystems

Symbol Illustrate

A Contains 2 components (Aa, Ab), Cold backup

B Contains 3 components (Ba, Bb, Bc), 2/3 Voting system

C Contains 4 components (Ca, Cb, Cc, Cd), hot backup

D Contains 2 components (Da, Db), hot backup

E Contains 3 components (Ea, Eb, Ec), 2/3 Voting system

F 1 components

G Contains 2 components (Ga, Gb), hot backup

Symbol	Illustrate
A	Contains 2 components (Aa, Ab), Cold backup
B	Contains 3 components (Ba, Bb, Bc), 2/3 Voting system
C	Contains 4 components (Ca, Cb, Cc, Cd), hot backup
D	Contains 2 components (Da, Db), hot backup
E	Contains 3 components (Ea, Eb, Ec), 2/3 Voting system
F	1 components
G	Contains 2 components (Ga, Gb), hot backup

The specific parameters involved in the analysis are described below.

If there are three CCs, i.e. CC₄₁, CC₅₁, CC₅₂. P_{CC
₄₁} = 0.7, P_{CC
₅₁} = 0.6, P_{CC
₅₂} = 0.4. CC₅₁ and CC₅₂ are s-independent while CC₅₁ and CC₅₂ are s-dependent: P {C₅₂/C₅₁} = P_h = 0.6, $P {C_{52} / \bar{C_{51}}} = P_{\bar{h}} = 0.5$

Component failure rate description. Internal failure rates of components (10^–8min^–1): λ_A = 2.44, λ_B = 1.22, λ_C = 6.10, λ_D = 2.44, λ_F = 1.72, λ_G = 1.22. Failure rates of components due to PCCFs (10^–4min^–1): λ₄₁ (A) = 2, λ₄₁ (C) =3, λ₄₁ (E) =6, λ₄₁ (G) = 7, λ₅₁ (B) =1, λ₅₁ (D) =2, λ₅₁ (F) =3, λ₅₂ (A) = 5, λ₅₂ (C) =6, λ₅₂ (E) =2, λ₅₂ (G) =4.

Stage duration (min). t₁ = 45, t₂ = 698, t₃ = 35, t₄ = 120, t₅ = 57.

6.2. Reliability modeling and assessment

Step 1. Build event space of the first time of orbital transfer. Since there are three external CCs in the example computer system, an event space that consists of 2³ = 8 PCCEs are constructed. The 8 PCCEs are $\begin{matrix} \begin{matrix} {PCCE}_{1} = \bar{{CC}_{41}} \cap \bar{{CC}_{51}} \cap \bar{{CC}_{52}}; \\ {PCCE}_{2} = {CC}_{41} \cap \bar{{CC}_{51}} \cap \bar{{CC}_{52}} \\ {PCCE}_{3} = \bar{{CC}_{41}} \cap {CC}_{51} \cap \bar{{CC}_{52}}; \\ {PCCE}_{4} = \bar{{CC}_{41}} \cap \bar{{CC}_{51}} \cap {CC}_{52} \\ {PCCE}_{5} = {CC}_{41} \cap {CC}_{51} \cap \bar{{CC}_{52}}; \\ {PCCE}_{6} = {CC}_{41} \cap \bar{{CC}_{51}} \cap {CC}_{52} \\ {PCCE}_{7} = \bar{{CC}_{41}} \cap {CC}_{51} \cap {CC}_{52}; \\ {PCCE}_{8} = {CC}_{41} \cap {CC}_{51} \cap {CC}_{52} \end{matrix} \end{matrix}$

Calculate the probabilities of PCCEs refer to Equations (7–9). There are $\begin{matrix} P_{({PCCE}_{1})} = (1 - P_{{CC}_{41}}) (1 - P_{\bar{h}}) (1 - P_{{CC}_{52}}) = 0.09 \\ P_{({PCCE}_{2})} = P_{{CC}_{41}} (1 - P_{\bar{h}}) (1 - P_{{CC}_{52}}) = 0.21 \end{matrix}$

$\begin{matrix} P_{({PCCE}_{3})} = (1 - P_{{CC}_{41}}) (1 - P_{{CC}_{52}}) P_{\bar{h}} = 0.09 \\ P_{({PCCE}_{4})} = (1 - P_{{CC}_{41}}) P_{{CC}_{52}} (1 - P_{h}) = 0.048 \\ P_{({PCCE}_{5})} = P_{{CC}_{41}} (1 - P_{{CC}_{52}}) P_{\bar{h}} = 0.21 \\ P_{({PCCE}_{6})} = P_{{CC}_{41}} P_{{CC}_{52}} (1 - P_{h}) = 0.112 \\ P_{({PCCE}_{7})} = (1 - P_{{CC}_{41}}) P_{{CC}_{52}} P_{h} = 0.072 \\ P_{({PCCE}_{8})} = P_{{CC}_{41}} P_{{CC}_{52}} P_{h} = 0.168 \end{matrix}$

Step 2. First, the fault tree is used to model the system shown in Fig. 8. Let T_i be the phase i. According to the modularization method, the system is summed up as 8 independent modules. They are M₁ = {A_a, A_b}, M₂ = {B_a, B_b, B_c}, M₃ = {C_c}, M₄ = {C_d}, M₅ = {G_a, G_b}, M₆ = {C_a, C_b}, M₇ = {D_a, D_b}, M₈ = {F}. Among them, M₁ is dynamic module, the others are static modules. Let M_ji is the M_j in the phase i. The BDD model of the system is obtained, in which bottom events are the eight modules is shown in Fig. 9.

Step 3. Evaluate all modules conditional failure probabilities under each PCCEs. The BDD is used to calculate M₂ - M₈, and the Markov method is used for M₁.

The Markov model is built as shown in Fig. 10. We present the complete XML code representing this particular Markov model as follow.

<?xml version="1.0" encoding="UTF-8"?>

</state>

</state>

</state>

</Markov>

For the modules of M₂ - M₈, M₅ is taken as an example to explain in detail, and other modules solution are the same as this method. The BDD model is built as shown in Fig. 11. We present the complete XML code representing this particular BDD model as follow.

<?xml version="1.0" encoding="UTF-8"?>

</state>

</state>

</Path>

Fig. 8.

Fault tree model of the system.

Fig. 9.

BDD model of the system.

Fig. 10.

Markov model of the M₁.

Fig. 11.

BDD model of the M₅.

Finally, the conditional failure probabilities of all modules obtained by using the automatic algorithm in reliability analysis software is shown in Table 2. The first row of the table lists the eight PCCEs that occur in the system. The first column of the table lists all of the modules. Let M_ij be the M_i in the phase j, so the table represents the conditional failure probability of M_i under the influence of each PCCE in phase j.

Table 2

The magnitude of shadow in the table is 1, and the others are shown in the brackets of the first column of the form)

Modules	PCCE₁	PCCE₂	PCCE₃	PCCE₄	PCCE₅	PCCE₆	PCCE₇	PCCE₈
M₁₅ (10^–8)	1.000	0.00987	1.000	0.00964	0.00987	0.00422	0.00964	0.00422
M₂₄ (10^–10)	3.422	3.422	3.422	3.422	3.422	3.422	3.422	3.422
M₆₃ (10^–9)	2.252	2.252	2.252	2.252	2.252	2.252	2.252	2.252
M₃₃ (10^–5)	5.478	0.0354	5.478	5.478	0.0354	0.0354	5.478	0.0354
M₄₃ (10^–5)	5.478	0.0354	5.478	5.478	0.0354	0.0354	5.478	0.0354
M₅₄ (10^–10)	1.141	0.0065	1.141	1.141	0.0065	0.0065	1.141	0.0065
M₇₃ (10^–10)	3.576	3.576	3.576	3.576	3.576	3.576	3.576	3.576
M₈₅ (10^–5)	1.643	1.643	0.0170	1.643	0.0170	1.643	0.0170	0.0170

Step 4. Evaluate the system conditional failure probabilities under each PCCEs. The BDD model is built as shown in Fig. 9, and the standardized description for the BDD model obtained by using the XML is shown in Fig. 11. Finally, the conditional failure probability of the PMS calculated based on the automatic algorithm and Equation (8) in reliability analysis software is shown in Table 3.

Step 5. The reliability probability of the system is calculated by formula (12) is R = 0.9323242726.

Table 3

The conditional failure probabilities of PMS

PCCE_i	Probabilities (Retain ten significant digits)
PCCE₁	0.0001259982
PCCE₂	0.0847337058
PCCE₃	0.0171077073
PCCE₄	0.0097647737
PCCE₅	0.1002784504
PCCE₆	0.0795109022
PCCE₇	0.0265827793
PCCE₈	0.0951443501

7. Conclusion

In this paper, a modular modeling analysis method which combines the BDD and Markov methods is proposed to deal with the static and dynamic behaviors of the components respectively in the PMS to analyze the reliability of PMS subject to PCCFs. Moreover, the BDD model and Markov model are described standardizedly by using XML, and the automatic algorithm used to analyze the models automatically is developed, which can be integrated in reliability analysis software. Finally, all the proposed methods are demonstrated in a case study where the reliability of GEOS in the first time of orbital transfer is evaluated to verify the effectiveness of the methods.

In future research, we will extend the XML description to fit into various types of BDD and Markov models to support to develop software tool for the reliability evaluation of PMS and PCCF.

Footnotes

Appendix I

< ?xml version="1.0" encoding="UTF-8"?>

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://a.name/space"

elementFormDefault="qualified" attributeFoemDefault="unqualified" xmlns:dd="http://a.name/space">

<xs:element name="ameType">

<xs:simpleType>

<xs:restriction base="xs:string"/>

< /xs:simpleType>

< /xs:element>

<xs:element name="truepathType">

<xs:simpleType>