Reliability Modeling of Phased Mission System with Phase Backup by Stochastic Petri Net

LI Mengzhu()， YU Haiyue()， WU Xiaoyue()

College of Systems Engineering，National University of Defense Technology，Changsha， 410073，China

Abstract：This paper presents a modeling method by stochastic Petri net for reliability analysis of phased mission system(PMS)with phase backup.The model consisting of petri nets，depicts the system behaviors of unit level，system logic level and phase level.Guard functions of petri nets are used to avoid modeling complexity and make the model flexible to different reliability logical structures.It was shown that the time redundancy within phase and from phase backup for PMS can both be described by use of the proposed model.

Key words：mission reliability；phased mission system(PMS)；phase backup；Petri nets

Introduction

Phased mission system (PMS) is a kind of system that has a number of consecutive time phases. The units and the reliability logical structure of them may change from phase to phase[1]. For some PMS in engineering application， tasks failed in a phase can be re-executed in the next phase， so there is time redundancy among phases.

In existing literatures， there are mainly three types of methods for reliability modeling of conventional forms of PMS， namely PMS without time redundancy. (1) Combinatorial method[2-3]， such as reliability block diagram and fault tree. This method has advantages of simple modeling with high solution efficiency. (2) State space method[4]， typically based on the Markov model. This method can take the dependency between units into consideration. However， it is difficult for large-scale and complex problems due to rapidly increasing in the size of the model with the number of units. (3) Simulation method[5-7]， including Petri nets and Monte Carlo simulation， which can be applied even when the failure and repair times of the system units follow non-exponential distributions. Petri net is a graphical mathematical language. It has now became a widely used tool for system modeling and simulation. Deterministic and Stochastic Petri nets(DSPN) has been used to model the mission reliability of tracking, telemetry and command(TT&C) system[8]. However， the logic structure of units and information dependency between phases is described by excessive use of transition arcs， which makes the model very complex when the scale of the problem increases. Extend object-oriented Petri nets(EOOPN) greatly improves the modularity and visuality in reliability modeling of conventional PMS[9].

In recent years， some research works have been done for reliability evaluation of mission systems with time redundancy. Depending on the schedule and mission requirements for PMS， during some phases the system must operate continuously throughout the time， while for some other phases， only a minimum service support duration is required. Therefore， some of the phases may have time redundancy or flexibility in the starting time of mission execution， which means that the mission can be executed from any time within the phase interval， and provides that the system remains in the operational state continuously for a period of time not less than a given value. Such PMS can be called PMS with time redundancy[10]. Wu and Hillston provided a approach for mission reliability of semi-Markov systems with time redundancy[10]. Later， they presented a Monte Carlo simulation approach to evaluate the mission reliability of PMS with time redundancy within phase[11].

However， the methods mentioned above do not consider the time redundancy between phases. In this paper， we use Petri net to provide a reliability modeling method for PMS with time redundancy which is in the form of phase task backup. Our proposed model can also consider the complexity due to the unit-repair activity.

The remaining part of this paper is organized as follows.Section 1 briefly introduces the Petri nets we used and its operation rules. Section 2 presents the petri net models for mission reliability of PMS considering phase backup.Section 3 makes some conclusions.

1 Petri Nets

1.1 Stochastic Petri net(SPN)

Petri net is a model based on place， transition， token and directed arc. The basic Petri net has been extended to an advanced Petri nets such as SPN， generalized stochastic Petri nets[12]and colored Petri nets(CPN) by adding constraints to the place or transition[13].

The SPN used in our reliability modeling is defined as a 6-tupleNSP=(P，T，I，O，G，M0，λ)[13]， where P is a finite set of places，Tis a finite set of transitions，Iis a set of directed arc weightsPtoT，Ois a set of directed arc weightsTtoP，M0is the initial marking which describes the initial distribution of system resources，Gis a Guard function that associates with a transition，λ={λ1，λ2， …,λm} is a set of average enabling rates for transitions， which describes the enabling times of transitions per unit time. In reliability analysis，λcan represent the failure rate and repair rate of the unit.

In this paper， place is represented by “○”， token is represented by “●”， instant transition is represented by “|”， delayed transition is represented by “□”. The input function value from placePto transitionTis denoted asI(P，T)=w. The output function value from transitionTto placePis denoted asO(P，T)=w. The weight of arcwis marked on the arc. If the weight is 1， it does not need to be annotated. Bidirectional arcs is indicated by dotted lines.

1.2 Operation rules

In a dynamic system， the transition enabling requires that the conditions associated with transition be satisfied. Transition T is enabled if and only if all of the number of tokens in input placePis greater than or equal to the connection arc weight and Guard functions onTequals True. With the markmd， the enabled transitionTwill result in a new statem′ as

m′(p)=m(p)-I(P，T)+O(P，T).

(1)

In this paper， we used the Guard function to make the model more concise by information share among the components of Petri nets. A Guard function was equivalent to a constraint for the directed arc between placePand transitionT， and was used for restricting the transition enabled. Figure 1 shows an example of transition enabling.

Fig. 1 Transition enabling process

The transitionTin Fig. 1 has a Guard function and two input places.Thas a Guard function that requires one token inP2. It means that transitionTis enabled when there is one token inP2throughT0enabling. After the firing of transitionT，P3will have two tokens. Since the connection betweenP2and the transitionTis a bidirectional arc with a weight of 1， after enabling， the number of tokens inP2does not change. The use of bidirectional arc allows access to the state of the place and requires no token transfer in the associated place. Consequently， the petri net model can be much simplified with proper use of Guard functions and bidirectional arcs to express information dependency.

2 SPN Model for Mission Reliability of PMS with Dynamic Time Redundancy

2.1 PMS with time redundancy

For the conventional PMS， the mission success requires that the system should keep operational throughout the entire time duration of each phase. However， for the PMS discussed in this paper， the phase mission success only demands the system keep operational for a time period greater than a given length of time within the phase duration. In addition， depending on the schedule strategy， redundant time of the current phase can be scheduled for the re-execution of other phase tasks， such as those failed in the precedent phases.

2.2 SPN model of PMS

The SPN model of this paper has hierarchical structure and consists of Petri nets in unit level， the system-logic level and the phase level which interact with each other.

(1) Unit level Petri net describes the changes in state of the system unit， which is caused by event occurrences such as time starting， time ending， failure and repair. As shown in Fig. 2. when place Pdi receives the token indicating the start of work， transition Tis is enabled and the unit’s state changes from the idle state Pi to the working state Piw. During the working process， on one hand, the unit’s state transfer to failure state Pif through the failure event Tif-w， and then it goes back to the working state through the repair transition Tif-w； On the other hand， when preconditions of Guard function on the Tie are satisfied， the instantaneous transition Tie is enabled and the unit goes back to the idle state Pi.

Fig. 2 Unit level model

The notations in Fig. 2 are explained as follows.

Pdi： place used to receive information of starting instruction for the unit.

Pi and Pif： places representing the idle state and the failed state of the unit respectively.

Tis， Tie， Tiw-f， and Tif-w： transitions that represent the unit’s start， end， failure， and repair events respectively.

The Guard function describes the condition for end of the unit work.

(2) The model of system logic level describes the reliability logic structure in each phase. Figure 3 gives a system-logic level Petri net with three system units. When PD receives token， the system transfers from idle state PI to working state PW. In this working state， when the tokens in Pout make the instantaneous transition Tw-f fired， the state of system transfers to failure state Pf. The tokens in Pout result from firing transition Tif-w， which representing the failure of working state. When the number of tokens in Pout satisfies the Guard function on Tf-w， transition Tf-w is enabled and the system returns to working state PW. When all the units return to the idle state Pi， the state of system returns to idle state PI by TW-I. The weight of the arc from place Pout to transition Tw-f is w. If w equals 1 and the guard function on Tf-w requires only zero token in Pout， the model represents the logical structure of system with series reliability logic structure； When w equals the number of unit and the Guard function on Tf-w requires the number of token in Pout that is less than the number of system units， the model corresponds to system with parallel reliability logical structure.

The symbols in Fig. 3 are explained as follows.

Fig. 3 System logic level model

PD： place to receive the information of starting work.

Pout： place for receiving token indicating failure of system units.

PI， PW and Pf： places representing the idle， working and failure states of the system respectively.

TI-W and TW-I： transitions representing the events that the system goes into the working state and the ends working state respectively.

Tw-f and Tf-w： transitions representing the events that the system logic goes into the failure state and leaves failure state respectively.

Guard function on transition Tiw-f is used to ensure the unit to no longer failure once the system is in failure state.

Guard function on transition Tf-w represents the conditions for the system to leave failure state.

(3) Phase level model includes phase time model and phase task model. The models describe the execution process of phase task and the transfer of task success information between phases.

The model for a PMS with three phases is shown in Figs. 4 and 5. The Petri nets in “phase level” describe the begin time and end time of one phase (Fig. 4) and the task execution process in the phase (Fig. 5).

Fig. 4 Phase time model

Fig. 5 Phase task model

As one phase reaches its beginning time， transition “T0” is enabled and transfers a token to place “P1”. Then， the Guard function on transition “Tm” equals true. At this moment， if both of place “Pm” and place “P4” have tokens in them， transition “Tm” is enabled and fired. Then the “task” token in “Pm” be removed to place “P3”， and a work starting request is sent to place “PD”.

As shown in Fig. 3， if place “PD” receives a token and the system is in idle state (“PI” has a token)， place “Pw” will receive a token after transition “Ti-w” firing. Then， the Guard function on transition “T3” equals true. The “task” token then be removed from place “P3” to place “P5”， which means that the task is on processing. After a time delay created by “T5”， the task is completed and a token is transferred to place “Ps”. Place “P4” would also receive a token after firing of transition “T5”， which means that the system can serve to another task. However， if the system failure occurs during the task processing， namely Pf==1 for the Guard function on transition Tf3， the “task” token will reenter place “P3” and waiting another execution after system recovery from failure. If the phase reaches its end time， place “P2” receives a token after firing of transition “T1”. Then， the Guard function on transitions “Tf1”， “Tf2” and “Tf3” equal true， which makes the “task” token goes to place “PF” to indicate that the phase task failure.

2.3 Mission reliability of model

According to the relationship between phases， we can build the complete mission reliability model of PMS by adding proper Petri net elements. Figure 6 shows the mission reliability model of a PMS with three-phases， “Phase1”， “Phase2” and “Phase3”， based on the Petri nets introduced in section 2.2.

Fig. 6 Mission reliability model

The following gives the places for the model.

Pmi’： places for receiving the tokens representing failure in previous phase；

PSiand PFi： places for receiving the “task” tokens created by successful processing and non-successful processing in a phase respectively；

PY， PN：place for receiving the tokens produced by successful processing and non-successful processing in the whole mission time respectively；

In this system， the mission succeeds only if all phase tasks have been accomplished before the end of the mission time. The failed task in current phase (place “PFi”) would be transferred to the subsequence phase (place “Pmi+1”) through the firing of transition “TFi”， which make it possible for the failed task to make a re-execution in “Phasei+1” if there is a time redundancy in this phase. If the task has been successfully performed in a phase， the transition “TYi” is enabled and fired， which transfers this “task” token to place “PY”. At the end of the time， system mission reliability is obtained by statistical analysis of the token in place “PY”.

Both time redundancy within a phase and by phase backups can be considered. For the time redundancy in a single-phase mission， we use transition “Tf3” (in Fig. 5)， which could resent the failed “task” token to place “P3”， to represent that the task can be executed repeatedly if the phase does not reach it end time. For the phase backups in multi-phase mission， we use transition “TFi”， which could remove the failed “task” token from place “PFi” to place “Pmi+1”， to represent that the task could be re-executed in subsequence phases as it has failed in previous phase.

3 Conclusions

A modeling approach is introduced, which is based on SPN with Guard function for mission reliability of PMS with phase backups. The use of Guard function makes it convenient to represent information share in Petri nets and avoids the excessive use of arcs that cause the complexity of the model. The modeling method has following advantages. (1) Hierarchical model structure of Petri nets in unit， phase， and system level. The layered model simplifies the modeling process. (2) Flexibility. For different logical connections between units， we need only to change the Guard functions and related transition conditions. (3) As a simulation model， it can be used for evaluation of the mission reliability of the system with its unit having non-exponential working or repair time.