Model-based Safety Assessment
The classical safety assessment techniques suffer from several intrinsic and incidental limitations. One of the main limitations is that FT and ET, the two formalisms mainly used to design models, stand at a relatively low level. Not only is their expressive power limited, but the models are also distant from the systems under study. As a consequence, models are hard to design and even harder to share amongst stakeholders and to maintain throughout the life-cycle of systems. Hence the interest in higher-level modeling formalisms increases steadily. Major advantages of Model-Based Systems Engineering (MBSE) include enhanced communication between stakeholders and team members. MBSE also allows a shared understanding of the domain, improved knowledge capture, design precision and integrity without disconnections among data representations, better information traceability, enhanced reuse of artifacts, and reduced development risk [101]. The model-based approach for safety analysis is gradually winning the trust of safety engineers but is still a wide domain of research [76]. Model-Based Safety Assessment (MBSA) is the reliability engineering branch of MBSE. MBSA techniques have been developed in recent years to address the challenges of analyzing and verifying complex safety-critical systems. MBSA focuses on developing effective and robust safety assessment techniques through the automation of the safety analysis process [110].
Among the MBSA techniques, the AltaRica language is introduced in IEC 61508 [50] as a technique for calculating probabilities of hardware failures in SIS. It is also mentioned in ISO/TR 12489 as a formal language to model the functioning and dysfunctioning of industrial systems [60].
AltaRica has become a de facto European industrial standard for MBSA [15]. It is currently employed as an internal representation language by several safety analysis workshops: Cecilia OCAS (Dassault Aviation), Simfia (EADS Apsys), Safety Designer (Dassault Systemes), and AltaRica Studio (LaBRI) [76].
The first version of AltaRica was designed at the end of the 1990s [95, 3]. Since then, a significant amount of scientific research has been done and solid industrial experience has been acquired, including in the certification of aircraft. Commercially distributed environments make it possible to create, edit, assess and simulate models graphically. AltaRica Data-Flow, version 2.0 of AltaRica, has already been used to evaluate the production availability of an oil production system [11]. The mathematical foundations of AltaRica Data-Flow [11] and AltaRica 3.0 [99] are mode automata and guarded transition systems, respectively. Guarded transition systems make it possible for the new version of the language to handle systems with instant loops and to define acausal components [108].
Modeling Languages
Modeling languages are indispensable for performance analysis. They can be classified into two categories, classical and model-based approaches, as shown in Figure 2.1. Classical approaches are those traditionally leveraged for reliability assessment. They are further classified into Boolean and state/transition formalisms. Reliability block diagrams, fault trees, and event trees belong to the Boolean formalisms.
State/transition formalisms can describe how a system behaves (jumps between states) according to arising events (e.g. failures and repairs). Markov Chains (MC) and Stochastic Petri Nets (SPN) are examples of such formalisms.
Classical approaches are well established and are used extensively for reliability assessment. Nevertheless, models designed with these formalisms are far from the functional architecture of the system. As a consequence, models are hard to design and to maintain throughout the lifecycle of systems. A small change in specifications may require a complete revisit of the safety models, which is both resource consuming and error prone [76]. Model-based approaches have therefore been proposed to tackle this issue. They describe systems with high-level modeling formalisms. Many such approaches have been developed, such as HiP-HOPS, SAML, FIGARO, and AltaRica.
Classical Approaches
We take simple series and parallel structures to illustrate classical approaches, as shown in Figure 2.2. Classical approaches are graphical and event-based, and they can explicitly describe the systems of interest. However, they have their own drawbacks. It is not easy to construct models of complex systems using classical approaches. A Boolean formalism provides only static combinations of blocks/events; it is not appropriate for modeling dynamic systems with complex maintenance policies and dynamic behaviors.
In general, state/transition formalisms are more powerful than Boolean ones: they can describe dependencies and dynamic behaviors. However, state/transition formalisms become hard to control when the system is complex. MC provide many metrics to evaluate the system of interest, but they are only appropriate for modeling small systems with complex/dynamic behaviors, because the number of states grows exponentially with the number of components. SPN are capable of modeling systems with complex behaviors, and the size of an SPN model grows only linearly with the number of components; but SPN too become hard to control when modeling large systems. In the following, several classical approaches are briefly presented.
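As an added illustration of the state/transition view (example code, not from the thesis): a minimal guarded-transition-system interpreter in Python for repairable units composed in series or in parallel. It enumerates the reachable global states, which exhibits the 2^n growth that confines MC to small systems, and computes steady-state availability by uniformising the resulting Markov chain. The two-state unit model, the rates LAMBDA and MU and the two structure functions are assumptions of this example.

```python
# Constructed example (not from the thesis): a tiny guarded-transition-system
# interpreter for repairable units assembled in series or in parallel. A unit
# is "ok" or "failed"; event fail (guard ok, rate LAMBDA) and event repair
# (guard failed, rate MU) are its guarded transitions. The global state is the
# tuple of unit states; a flow assertion says whether the output is delivered.
LAMBDA, MU = 0.1, 1.0  # assumed failure and repair rates (per hour)

def transitions(state):
    """Enabled transitions of a global state, as (rate, successor) pairs."""
    for i, s in enumerate(state):
        if s == "ok":  # guard of event fail_i
            yield LAMBDA, state[:i] + ("failed",) + state[i + 1:]
        else:          # guard of event repair_i
            yield MU, state[:i] + ("ok",) + state[i + 1:]

def reachable_states(n):
    """Explore the composed model; the result has 2**n states (state explosion)."""
    init = ("ok",) * n
    seen, todo = {init}, [init]
    while todo:
        for _, t in transitions(todo.pop()):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def output_ok(state, structure):
    """Flow assertion: series needs every unit, parallel needs at least one."""
    ok = [s == "ok" for s in state]
    return all(ok) if structure == "series" else any(ok)

def steady_state_availability(n, structure, tol=1e-12):
    """Stationary distribution of the CTMC by uniformisation + power iteration."""
    states = sorted(reachable_states(n))
    rate = max(sum(r for r, _ in transitions(s)) for s in states)  # uniformisation rate
    pi = {s: 1.0 / len(states) for s in states}
    while True:
        nxt = {s: 0.0 for s in states}
        for s, p in pi.items():
            stay = p
            for r, t in transitions(s):
                nxt[t] += p * r / rate
                stay -= p * r / rate
            nxt[s] += stay  # probability mass of the self-loop
        diff = max(abs(nxt[s] - pi[s]) for s in states)
        pi = nxt
        if diff < tol:  # converged to the stationary distribution
            return sum(p for s, p in pi.items() if output_ok(s, structure))
```

With independent units the result can be cross-checked against the closed form: each unit is available with probability MU/(LAMBDA+MU), so a series of two gives that value squared and a parallel pair gives one minus the squared unavailability.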
Table of contents :
1 Introduction
1.1 Production and Safety Systems
1.2 Performance Analysis
1.3 Problem Formulation
1.4 Modeling Patterns
1.5 Objectives of the Thesis
1.6 Structure of the Thesis
2 Performance Analysis of Production and Safety Systems
2.1 Glossary for Performance Analysis
2.2 Production-performance Analysis
2.3 Reliability Analysis of Safety Systems
2.4 Model-based Safety Assessment
2.5 Modeling Languages
2.5.1 Classical Approaches
2.5.2 Model-based Approaches
2.6 Summary
3 AltaRica Modeling Language
3.1 Formal Definition of Guarded Transition Systems
3.2 States and Transitions
3.3 Flow Propagation
3.3.1 Looped Assertions
3.3.2 Data-flow Assertions
3.4 Synchronization Mechanisms
3.5 Prototypes and Classes
3.6 Semantics
3.7 Comparison with other State/transition Modeling Languages
3.7.1 Differences
3.7.2 Similarities
3.8 Summary
4 Modeling Patterns
4.1 Notion of Modeling Patterns
4.2 Categories of Modeling Patterns
4.2.1 Behavioral Patterns
4.2.2 Flow Propagation Patterns
4.2.3 Composition Patterns
4.3 Methodology to Develop Modeling Patterns
4.4 Summary
5 Catalog of Modeling Patterns
5.1 Behavioral Patterns
5.1.1 PERFECT
5.1.2 NonRepairable
5.1.3 CorrectiveMaintenance
5.1.4 PreventiveMaintenance
5.1.5 DEGRADATION
5.1.6 PeriodicTest
5.1.7 RevealUndetectedFailure
5.1.8 StaggeredPeriodicTest
5.2 Flow Propagation Patterns
5.2.1 SISO: Single-Input-Single-Output
5.2.2 SIMO: Single-Input-Multiple-Output
5.2.3 MISO: Multiple-Input-Single-Output
5.2.4 SOURCE
5.2.5 SINK
5.2.6 MIMO: Multiple-Input-Multiple-Output
5.2.7 SERIES
5.2.8 PARALLEL
5.2.9 KooN
5.2.10 SwitchKooN
5.2.11 SequentialWork
5.2.12 BYPASS
5.2.13 LOOP
5.3 Composition Patterns
5.3.1 Main unit/Cold standby unit Coordination (MCC)
5.3.2 Main unit/Hot standby unit Coordination (MHC)
5.3.3 Repairable unit/Repair crew Coordination (RRC)
5.4 Relationships between Modeling Patterns
5.5 Modeling Patterns Reuse
5.6 Summary
6 Experimental Studies
6.1 Production Systems in Process Industry
6.1.1 A Production Facility
6.1.2 A Floating Production Storage and Offloading System
6.1.3 An Oil Production System
6.1.4 An Offshore Installation
6.2 Safety Systems in Process Industry
6.2.1 An Overpressure Protection System with Single Channel
6.2.2 An Overpressure Protection System with Dual Channel
6.2.3 An Overpressure Protection System with Redundant Architecture
6.2.4 A Multiple Safety System
6.2.5 An Emergency Depressurization System of A Hydrocracking Unit
6.3 Summary
7 Conclusion and Future Works
7.1 Conclusion
7.2 Future Works
A Production Availability Analysis using Stochastic Petri Nets
B Modeling Patterns for Production Performance Analysis
C Modeling Patterns for Reliability Analyses of Safety Systems
D Acronyms and Abbreviations
Bibliography