Probabilistic Extension of Failure Net Based FMEA
ESREL Conference 7.-10. September 2015, Zürich

M. Rauschenbach, Fraunhofer-Institute for Structural Durability and System Reliability LBF, Darmstadt, Germany
B. Kaiser, Berner & Mattner Systems Technology, Berlin, Germany

InTeLekt – integrated test environment for power electronics
ESREL 7.-10.9.2015, Zürich
© InTeLekt Consortium
Page 1
Presentation overview
- Introduction and state of the art: conventional methods and advanced FMEA approaches
- Motivation for a quantitative graphical approach
- Probabilistic extension of Failure-Net-based FMEA
- Example
- Conclusion and outlook
Characteristics and restrictions of common failure analysis methods

Analysis step                       FMEA                     FTA                      RBD
System analysis                     V                        o                        V
Identification of failure causes    V                        V                        o
Analysis of possible consequences   V                        o (top-event only)       ~ (loss of function)
Probability                         ~ (merely qualitative)   V (loss of function)     V (loss of function)
Optimization                        V                        o                        o

Symbols as on the slide: V = covered, ~ = partly covered, o = not covered.
State of the art: probabilistic quantification of FMEA

Multiple-FMEA [Pickard/Bertsche, 2005]: quantified RPN-based evaluation of Failure Nets; the FN is transformed into a single FT, complemented with failure combinations.

FMECA – failure modes, effects and criticality analysis [MIL-P-1629, 1949]: determination of the criticality number Cm = λ·α·β·t (λ: basic failure rate, α: failure mode ratio, β: conditional probability, t: time ratio); based on the tabular FMEA scheme.

FMEDA – failure modes, effects and diagnostics analysis [Goble, 1999]: evaluation of the probability of safety-critical failure modes with respect to "detection-and-reaction" mechanisms; tabular scheme.
Missing: A quantitative graphical FMEA extension

- Traditional FMEA, FMECA: tabular
- Failure-Net-based FMEA: graphical, qualitative
- Multiple-FMEA: graphical, semi-quantitative
- FMEDA: tabular, quantitative (table columns Component, FIT, Mode, λmode, DC (%); sums ∑ SPFM and LFM, the single-point and latent fault metrics)
- ? Missing: graphical, quantitative

(figure: Failure Net example with System End-Effects 1 and 2, Sub-System Consequences 1 and 2, Component A Failure modes 1 and 2, Component B Failure mode 1)
Holistic approach for failure modeling based on FMEA

Building blocks taken from existing methods:
- FMECA: conditional probabilities of effects
- FMEDA: detection-and-reaction mechanisms
- Failure-Net-based FMEA: multi-relational cause-and-consequence nets
- Multiple-FMEA: transformation of Failure Net relations to FT

Probabilistically extended graphical FMEA:
- Differentiation of conditional probabilities of consequences
- Consideration of different types of failure combinations and interferences
- Holistic set of multiple failure relations based on component failure modes
- Integral failure modeling with probabilistically extended failure nets
Integration of combinatorial and conditional information into FMEA Failure Nets

(figure: extended Failure Net fragment beside the equivalent Fault Tree structures with their gate symbols)

Different combinatorial relations are represented within one Failure Net model; the calculation is based on commonly accepted equations, e.g. [IEC 61025].

Consideration of the conditional probability c(j|i) of effect (j) given the cause (i):
$p(FM_j) = c(j \mid i) \cdot p(FM_i)$
Failure Net elements for modeling interactions of failures and functions

Enabling Edge: a possible failure that is sufficient to generate a consequence, but takes effect only in the presence of a specific "side-condition" (e.g. a component state, an operational state or an affecting condition).

Preventing Edge: an auxiliary condition that disables a failure mode's consequence; it may originate from functions, e.g. a safety-related mechanism.
Calculation model of the residual probability of failure effects with consideration of a detection-and-reaction mechanism

Exemplary FN fragment:
- FM1 causes FM3 in 50 % of cases
- SM can prevent FM1 from inducing FM3 in 80 % of the cases of occurrence
- FM2 (i.e. a fault of SM operability) causes FM3 in combination with FM1
- FM3 is a failure state of the assembly "Component B" (or alternatively a fault of another basic component, not displayed here)

Evaluation:
$F_{FM3} = 1 - \bigl(1 - 0.5 \cdot F_{FM1} \cdot (1 - 0.8 \cdot R_{SM})\bigr) \cdot \bigl(1 - 0.5 \cdot F_{FM1} \cdot F_{FM2}\bigr) \approx 1.4 \cdot 10^{-3}$

The first factor covers the single failure with respect to prevention by the safety mechanism; the second factor covers the failure combination in case of a fault of the safety mechanism.
Example: DC-motor control and power electronics of an electric vehicle

Simplified example system: pulse-width-modulated power switch, monitored by a current sensor.

Failure Net (only a small selection of failure relations is displayed; the figure's nodes, grouped by hierarchy level):
- Electric Vehicle: Reduced Acceleration, Acceleration higher than Required, Breakdown of Vehicle, Unrequested Acceleration
- Electric Drive: Reduced Power, Uncontrolled Acceleration, No Operation
- Motor Current Sensor: Too high, Too low
- Power MOSFET: Short circuit, Open circuit
Example: extended Failure-Net model

(figure: extended Failure Net of the example system, some selected failure relations)
Example: causes for failure mode "Uncontrolled Acceleration"

Possible causal constellations for "Uncontrolled Acceleration":
- PREVENTING: Motor Current Sensor "Too low / Line Break", prevented by Range Check "Detect Sensor Line Break"
- AND: Motor Current Sensor "Too low / Line Break" together with Range Check "Unavailable"
- PREVENTING: Power MOSFET "Short Circuit", prevented by Additional Safety Shut-off "Interrupt Supply on MOSFET Failure"
- AND: Power MOSFET "Short Circuit" together with Additional Safety Shut-off "Fails to cut on Command"
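The calculation model of the FN fragment (FM1, FM2, SM) and the four constellations for "Uncontrolled Acceleration" listed above have the same shape: each constellation is one path to the effect, attenuated by a conditional probability, by an enabling state (AND) or by a preventing mechanism, and the paths are OR-combined. The following evaluator is an added example, not code from the presentation or the InTeLekt project. All numeric inputs (the F values of the failure modes, the R values of the mechanisms, and the conditional probabilities and effectiveness values of the example constellations) are constructed; the slides state only the 0.5 and 0.8 of the fragment, so the result does not reproduce the slide's 1.4·10^-3 or 1.3·10^-5.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Path:
    """One causal constellation that can produce an effect (one relation in the Failure Net)."""
    cause: str                        # failure mode that may induce the effect
    cond: float = 1.0                 # c(effect | cause): share of occurrences that induce the effect
    enabling: Optional[str] = None    # enabling edge: the effect additionally needs this state (AND)
    preventing: Optional[str] = None  # preventing edge: mechanism that can block the effect
    effectiveness: float = 0.0        # share of occurrences an operable mechanism actually blocks


def path_probability(path: Path, p: Dict[str, float]) -> float:
    """p maps failure modes to F (probability of the failure state) and safety
    mechanisms to R (probability that the mechanism is operable)."""
    prob = path.cond * p[path.cause]
    if path.enabling is not None:
        prob *= p[path.enabling]
    if path.preventing is not None:
        prob *= 1.0 - path.effectiveness * p[path.preventing]
    return prob


def effect_probability(paths: List[Path], p: Dict[str, float]) -> float:
    """Combine all constellations with 1 - prod(1 - p_k), the OR formula for
    independent events [IEC 61025]. Constellations that share a cause are not
    independent, so for them this is an approximation that is close only
    while the F values are small."""
    residual = 1.0
    for path in paths:
        residual *= 1.0 - path_probability(path, p)
    return 1.0 - residual


def contributions(paths: List[Path], p: Dict[str, float]) -> List[float]:
    """Per-constellation probabilities, to see which path dominates the effect."""
    return [path_probability(path, p) for path in paths]


# Fragment from the calculation-model slide: FM1 causes FM3 in 50 % of cases,
# SM prevents that in 80 % of cases, and FM1 together with FM2 (SM inoperable)
# causes FM3 as well.
FRAGMENT = [
    Path("FM1", cond=0.5, preventing="SM", effectiveness=0.8),
    Path("FM1", cond=0.5, enabling="FM2"),
]
# Input values are constructed; the slide does not state them.
FRAGMENT_INPUTS = {"FM1": 1e-2, "FM2": 1e-2, "SM": 0.99}

# Constellations for "Uncontrolled Acceleration" from the example slide.
# Effectiveness values and all inputs below are assumed for this example.
UNCONTROLLED_ACCELERATION = [
    Path("Sensor: Too low / Line Break", preventing="Range Check: operable", effectiveness=0.9),
    Path("Sensor: Too low / Line Break", enabling="Range Check: Unavailable"),
    Path("MOSFET: Short Circuit", preventing="Safety Shut-off: operable", effectiveness=0.9),
    Path("MOSFET: Short Circuit", enabling="Safety Shut-off: Fails to cut on Command"),
]
EXAMPLE_INPUTS = {
    "Sensor: Too low / Line Break": 2e-4,
    "Range Check: operable": 0.999,
    "Range Check: Unavailable": 1e-3,
    "MOSFET: Short Circuit": 1e-4,
    "Safety Shut-off: operable": 0.998,
    "Safety Shut-off: Fails to cut on Command": 2e-3,
}


def fragment_result() -> float:
    return effect_probability(FRAGMENT, FRAGMENT_INPUTS)


def example_result() -> float:
    return effect_probability(UNCONTROLLED_ACCELERATION, EXAMPLE_INPUTS)


if __name__ == "__main__":
    print(f"F(FM3)                      = {fragment_result():.3e}")
    print(f"F(uncontrolledAcceleration) = {example_result():.3e}")
    for path, c in zip(UNCONTROLLED_ACCELERATION,
                       contributions(UNCONTROLLED_ACCELERATION, EXAMPLE_INPUTS)):
        how = f"AND {path.enabling}" if path.enabling else f"PREVENTING {path.preventing}"
        print(f"  {c:.3e}  {path.cause} {how}")
```

With these inputs the two PREVENTING paths dominate, because a mechanism that blocks 90 % of occurrences still lets 10 % through, whereas the AND paths are suppressed by the small probability of the mechanism being faulty. That ranking is what the "Optimization" row of the method comparison refers to: it tells you whether to improve detection coverage or mechanism availability.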
Example: calculation results

Calculation results:
- F('reducedPower') ≈ 2.7·10^-5
- F('uncontrolledAcceleration') ≈ 1.3·10^-5
- F('noOperation') ≈ 9.5·10^-4
Conclusion and outlook

Conclusion:
- Probabilistic evaluation of entire sets of failure causes and consequences
- Holistic representation and evaluation of combinatorial relations of failure states and functional interferences
- Enables the evaluation of system reliability and safety-related parameters

Outlook:
- Application in large-scale models, planned for the InTeLekt project
- Compensation for the false probabilistic influence of 'repeated events' in higher-order hierarchical systems
- Implementation of automated solution algorithms based on binary and multi-valued decision diagrams (see the more detailed discussion in the conference paper)
Thank you for listening!
[email protected]

Acknowledgements: We sincerely thank Jürgen Nuffer (Fraunhofer LBF) for the valuable discussion. This work evolved from the joint research project "Integrierte Prüf- und Testumgebung für Leistungselektroniken – InTeLekt" (integrated test environment for power electronics), which is supported in the framework of the support programme "IKT 2020 – Forschung für Innovationen" (ICT 2020 – Research for Innovations) by funds of the German Federal Ministry for Education and Research BMBF (ref. code: 16EMO0017K).
Backup
State of the art: Failure-net-based FMEA

(figure: Failure Net with System End-Effects 1 and 2, Sub-System Consequences 1 and 2, Component A Failure modes 1 and 2 and Component B Failure mode 1; edges run from cause to consequence)

Failure Net (FN): multiple cause-and-consequence failure models
- System structure: hierarchical tree graph
- Basic structural elements: mutually exclusive failure states
- Intermediate structural elements: multiple failure modes
Quantitative Analysis
Analysis via Multi-Valued Decision Diagrams (MDDs)

In Fault Tree Analysis, quantitative analysis via transformation into BDDs (Binary Decision Diagrams) is established, but it is limited to one failure mode per component.

(figure: fault tree "System Down" over basic events E1..E4 with P = 0.1, 0.1, 0.05, 0.2, and the equivalent BDD; 0 = Working, 1 = Defective)
Analysis via Multi-Valued Decision Diagrams (MDDs)

In FMEA there are typically several failure modes per component, so Multi-Valued Decision Diagrams (MDDs) are used instead of BDDs.

Failure Net FMEA: component with 1 function and 2 failure modes / malfunctions
- Power MOSFET, function "Switch Voltage acc. PWM cmd"
- failure mode Short Circuit (P = 0.1)
- failure mode Open Circuit (P = 0.2)

Equivalent MDD node: one outgoing edge per state, Working, FM1 and FM2.
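The point of the MDD node above is that a component's failure modes are mutually exclusive states of one variable, which a BDD over independent Boolean basic events cannot express without extra constraints. The following is an added example, not code from the presentation or the InTeLekt project: it builds a reduced ordered MDD for an end-effect over two multi-state components by case-splitting on every state, evaluates the probability by walking the diagram, cross-checks it against brute-force enumeration, and shows what a BDD over two independent events "Short" and "Open" would return instead. The MOSFET probabilities are those on the slide (0.1 and 0.2); the current-sensor probabilities and the state-to-effect relations (the two causes of "Uncontrolled Acceleration" follow the example slide, preventing edges left out; "No Operation" from an open MOSFET is assumed) are constructed for this example.

```python
from itertools import product
from math import prod

# Components with mutually exclusive states; the first state is the working state.
# MOSFET probabilities follow the MDD slide; the sensor probabilities are constructed.
COMPONENTS = [
    ("Power MOSFET",         ("Working", "Short Circuit", "Open Circuit"), (0.7, 0.1, 0.2)),
    ("Motor Current Sensor", ("Working", "Too high", "Too low"),           (0.9, 0.05, 0.05)),
]


# End-effects as Boolean functions of the joint component state (assumed relations).
def uncontrolled_acceleration(state):
    return (state["Power MOSFET"] == "Short Circuit"
            or state["Motor Current Sensor"] == "Too low")


def no_operation(state):
    return state["Power MOSFET"] == "Open Circuit"


class Node:
    """MDD node: one outgoing edge per state of the component at index `var`."""
    __slots__ = ("var", "children")

    def __init__(self, var, children):
        self.var, self.children = var, children


_unique = {}  # unique table: isomorphic subgraphs are built only once


def build_mdd(effect, idx=0, assignment=None):
    """Shannon-style decomposition over each component's whole state set, in a
    fixed component order; terminals are the Python singletons True/False."""
    assignment = dict(assignment or {})
    if idx == len(COMPONENTS):
        return bool(effect(assignment))
    name, states, _ = COMPONENTS[idx]
    children = []
    for st in states:
        assignment[name] = st
        children.append(build_mdd(effect, idx + 1, assignment))
    children = tuple(children)
    if all(c is children[0] for c in children):   # outcome does not depend on this component
        return children[0]
    key = (idx, tuple(id(c) for c in children))   # ids are stable: nodes live in _unique
    if key not in _unique:
        _unique[key] = Node(idx, children)
    return _unique[key]


def probability(node):
    """P(effect) = sum over the node's states of P(state) * P(effect | state)."""
    if node is True:
        return 1.0
    if node is False:
        return 0.0
    _, _, probs = COMPONENTS[node.var]
    return sum(p * probability(child) for p, child in zip(probs, node.children))


def probability_by_enumeration(effect):
    """Brute-force cross-check over all joint states."""
    total = 0.0
    for choice in product(*(range(len(c[1])) for c in COMPONENTS)):
        state = {c[0]: c[1][i] for c, i in zip(COMPONENTS, choice)}
        if effect(state):
            total += prod(c[2][i] for c, i in zip(COMPONENTS, choice))
    return total


def mosfet_failed_mdd():
    """P(MOSFET in any failure state) from the MDD: the exclusive modes simply add up."""
    return probability(build_mdd(lambda s: s["Power MOSFET"] != "Working"))


def mosfet_failed_as_independent_booleans(p_short=0.1, p_open=0.2):
    """What a BDD over two independent basic events 'Short' and 'Open' returns for
    the same question: 1 - (1-0.1)(1-0.2) = 0.28, i.e. it credits the impossible
    joint state Short AND Open with probability 0.02 and subtracts it."""
    return 1.0 - (1.0 - p_short) * (1.0 - p_open)


if __name__ == "__main__":
    for name, effect in [("uncontrolledAcceleration", uncontrolled_acceleration),
                         ("noOperation", no_operation)]:
        print(f"F({name}) = {probability(build_mdd(effect)):.4f}"
              f"  (enumeration: {probability_by_enumeration(effect):.4f})")
    print(f"MOSFET failed: MDD {mosfet_failed_mdd():.2f}, "
          f"independent booleans {mosfet_failed_as_independent_booleans():.2f}")
```

Enumeration grows as the product of all state counts, while the MDD only grows where the effect actually depends on a component's state (the "Short Circuit" edge of the root goes straight to the terminal True, so the sensor is never inspected on that branch); that is what makes the diagram-based solution algorithms mentioned in the outlook scale.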