TABLE OF CONTENTS A single PEC (Figure F-2) represents a minimum system. No fault tolerance is provided by this system. No failure mode protection is provided. The electronic circuits can fail safely (outputs de-energized, open circuit) or dangerously (outputs frozen or energized, short circuit). Since the effects of on-line diagnostics should be modeled, four failure categories are included:
DD - dangerous detected,
DU - dangerous undetected,
SD - safe detected, and
SU - safe undetected.
Figure F-3 shows the fault tree for dangerous failures. The system will fail dangerously if the unit fails dangerous detected (DD) or dangerous undetected (DU).
Using rough, first order approximation techniques, a simple formula can be generated from the fault tree for the probability of dangerous failure (probability of failure on demand), PFD (assuming perfect periodic test and repair)
where
RT = average repair time
TI = test interval for a periodic inspection
It should be pointed out that the approximation techniques are only valid for very small system failure rates.
Since many safety evaluations are done using average probability of failure on demand (PFDavg), the equation for PFDavg should be derived. The average approximation is given by:
substituting t = TI and integrating
integrating t ?
when evaluated gives
for the 1oo1 architecture assuming perfect test and repair.
When imperfect periodic test and repair is considered, the fault tree and the equation get more complicated. The equivalent...
