Required Order Factors |
|
Where there is no law, there is the least of real liberty. |
Henry Martyn Robert |
|
The probability that two independent components with constant failure rates λ1 and λ2 will both fail during a time interval T is |
|
|
|
where t1 and t2 are the times when the respective components fail during the interval. If the values of λjT are both orders of magnitude smaller than 1, the above expression is closely approximated by (λ1T)(λ2T). This integral represents the fact that each component can fail at any time during the interval from 0 to T. |
|
In some circumstances we are interested in the probability that the two components will fail during a given interval in a specific order. To compute that probability, we can simply integrate the joint density over the region that satisfies the required order. For example, if we want to know the probability that both components fail and component 1 fails before component 2, we evaluate the integral as follows |
|
|
|
If λ1T and λ2T are both orders of magnitude smaller than 1, this reduces to (1/2)(λ1T)(λ2T), so in this case the probability of both components failing in the specified order during the interval is 1/2 times the unordered probability. This is sometimes called a Required Order Factor (ROF), and is often applied to the basic probability in a fault tree to take credit for the required order. It's worth emphasizing that the simple approximation of 1/2 for the case of two components failing in a specific order is valid even for unequal failure rates, provided only that the values of λ1T and λ2T are small, because in that limit the density distribution for each failure is uniform over the interval, so each component is equally likely to fail at any time during that interval. Hence each permutation of the sequence of failures is equally probable. |
|
More generally, for any specified order requirements on a set of n components failing within an interval of time T, there are n! possible permutations of these components, corresponding to the n! possible sequences of failure, and if we let k denote the number of permutations that satisfy the order requirements, then the required order factor is closely approximated by k/n!, provided the probabilities are all sufficiently small. |
|
However, if the probabilities are greater than about 0.01, the simple combinatorial approximation becomes inaccurate, because the permutations are not all equally probable. In that case the exact integral, as in the example above, must be used. As an example, suppose a fault tree has a cutset with five components, denoted by C1 to C5, and suppose that we are interested in the probability that they all fail in the interval T, and that the component C1 fails after C3 and C4, and that the component C2 fails after C3, C4, and C5. If all the probabilities are small, we can use the simple combinatorial approach and simply count how many of the 5! = 120 permutations satisfy the specified order conditions. There are 6 permutations of C3, C4, C5, and we know C2 must occur after those three, and C1 must occur either after those three as well, in which case there are two permutations of C1 and C2, or between the second and third of the first three if the last of those is C5, so there are just two of those (permuting C3 and C4). Thus there are 6∙2 + 2∙1 = 14 permutations that satisfy the specified order requirements, and hence the ROF is 14/120 = 0.117. |
|
As noted, the combinatorial approximation is valid only if the probabilities are sufficiently small. If the probabilities are large, we must integrate the joint density function exactly. To integrate over the required regions, we form two quintuple-nested integrals, one with t1 ranging from 0 to T and with t2 ranging from 0 to t1, and the other with t1 (again) ranging from 0 to T and with t2 ranging from t1 to T. In the first case, t3, t4, and t5 each range from 0 to t2, and in the second case they range from 0 to t1, t1, and t2 respectively. Thus the probability of these five faults occurring in an order that satisfies the specified requirements is the sum of the two integrals: |
|
|
|
Dividing this sum by the quantity |
|
|
|
gives the ROF for this cutset. With λ1 = λ2 = 10^−5 and λ3 = λ4 = λ5 = 10^−6 and T = 1000 hours the probabilities are not too large, and this gives the factor 0.116, fairly close to the simple combinatoric factor. However, with T = 50,000 hours the probabilities of C1 and C2 are 0.393 and the probabilities of C3, C4, and C5 are 0.049, so we expect a smaller ROF because the components that need to fail later are more likely to fail sooner in the interval. For this case we get the required order factor 0.093. On the other hand, with λ1 = λ2 = 10^−6 and λ3 = λ4 = λ5 = 10^−5 and T = 50,000 hours the components that need to fail last are more likely to fail later in the interval, so for this case we get the required order factor 0.144. |
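
The five-component example above, worked numerically as an added illustration (not code from the original page): `combinatorial_rof` counts the permutations that meet the order requirements, and `exact_rof` evaluates the ordered joint-density integral, collapsing the inner integrals over t3, t4, t5 into their distribution functions. The function names, the midpoint rule and the grid size `n` are choices made here.

```python
from itertools import permutations
from math import exp, expm1, factorial

# Order requirements of the five-component cutset, as (earlier, later) pairs:
# C1 fails after C3 and C4; C2 fails after C3, C4 and C5.
ORDER = [(3, 1), (4, 1), (3, 2), (4, 2), (5, 2)]

def combinatorial_rof(n, order):
    """Return (k, k/n!) where k counts failure sequences of components
    1..n that satisfy every (earlier, later) pair in `order`."""
    k = 0
    for seq in permutations(range(1, n + 1)):
        pos = {c: i for i, c in enumerate(seq)}
        k += all(pos[a] < pos[b] for a, b in order)
    return k, k / factorial(n)

def exact_rof(lam, T, n=400):
    """ROF for ORDER with constant failure rates lam[1]..lam[5] over [0, T].

    t3 and t4 must precede both t1 and t2, and t5 must precede t2, so the
    three inner integrals equal F3(m) F4(m) F5(t2) with m = min(t1, t2).
    The remaining double integral over (t1, t2) uses the midpoint rule.
    """
    h = T / n
    t = [(i + 0.5) * h for i in range(n)]
    cdf = lambda j, x: -expm1(-lam[j] * x)           # 1 - exp(-lambda_j x)
    pdf = lambda j, x: lam[j] * exp(-lam[j] * x)
    f1 = [pdf(1, x) for x in t]
    g2 = [pdf(2, x) * cdf(5, x) for x in t]
    f34 = [cdf(3, x) * cdf(4, x) for x in t]
    ordered = 0.0
    for i in range(n):
        ordered += f1[i] * sum(g2[j] * f34[min(i, j)] for j in range(n))
    ordered *= h * h
    unordered = 1.0
    for j in range(1, 6):
        unordered *= cdf(j, T)                       # all five fail, any order
    return ordered / unordered

def page_cases():
    """The three parameter sets quoted in the text (rates per hour, T in hours)."""
    hi, lo = 1e-5, 1e-6
    late_fast = {1: hi, 2: hi, 3: lo, 4: lo, 5: lo}
    late_slow = {1: lo, 2: lo, 3: hi, 4: hi, 5: hi}
    return [exact_rof(late_fast, 1000), exact_rof(late_fast, 50000),
            exact_rof(late_slow, 50000)]

if __name__ == "__main__":
    print(combinatorial_rof(5, ORDER))
    print([round(r, 3) for r in page_cases()])
```

Passing very small rates to `exact_rof` recovers the combinatorial value, which is a quick check that the integration region matches the counted permutations.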
|
In the preceding discussion we have considered only cases in which the exposure times for the faults are all the same. If the exposure times are different, the effect of imposing a specific sequence on the faults is also different. We'll first give a simple geometrical explanation, in the rare event approximation, and then describe the general Markov model approach. |
|
Consider a cutset consisting of the joint failure of two independent components C1 and C2, with failure rates λ1 and λ2, and with latent exposure times τ1 and τ2, respectively. Stipulate that the probabilities are all orders of magnitude smaller than 1. The canonical fault tree approach (with no requirement on the order of failure) would be to compute the product of the individual probabilities at the end of their respective exposure times, which is the probability at the least common multiple of those exposure intervals. This gives P = (λ1τ1)(λ2τ2), but this takes no credit for averaging; it conservatively takes the maximum value that the probability achieves. Calculation of the averaging factor is presented in the note on the Average Product of Saw Tooth Functions. Here we consider the effect of imposing a specific sequence on the failures, e.g., suppose the combination of these two faults is catastrophic only if C1 fails prior to C2. This is often called a priority AND gate. |
|
In the rare event approximation, each component would fail at most once during the life T of the airplane, and the times t1 and t2 of the failures of the two components (if they both fail) will be essentially randomly distributed between t = 0 and t = T. Once the component has failed, it will continue to be failed for the duration of its latency period. The figure below depicts the state space for the times of failure of the two components (on the condition that they both fail at some time between 0 and T). |
|
|
|
The overall square region represents the space of all possible combinations of failure times for the two components, and the shaded area represents those joint failures whose failure times overlap, meaning they are both failed at the same time. The shaded region above the diagonal represents the instances of overlapping failures in which C1 fails first, and the shaded region below the line is the instances of overlapping failure in which C2 fails first. Using the derivation presented in the note on Meeting Probabilities, given a value for the probability of both faults being present at the same time (without regard to order), the Required Order Factor in this case is |
|
|
|
If τ1 and τ2 are both very small compared with T, then the ratios τ1/T and τ2/T can be neglected, and the expression reduces to ROF = τ1 / (τ1 + τ2). This confirms that, if τ1 equals τ2, the ROF is 1/2. For cutsets with three or more components, the geometrical analysis provided in the note on Meeting Probabilities can be used to infer the required order factor. |
|
We can also derive the ROF by constructing a Markov model of the system. In the rare event approximation, it gives the same results as the geometrical approach. |
|