Safety factor requirements for the offshore industry

The maintenance of structural integrity is a significant consideration in the safety management of offshore installations. Installations operating in the North Sea are primarily of welded construction and are subjected to severe environmental conditions, which induce significant fatigue loads. Thus, offshore installations are designed to resist structural failure from fatigue and extreme loading as well as other failure mechanisms, e.g., corrosion. Additionally, design to resist failure from accidental loading, such as fire and explosion and boat impact, is recognised as being particularly important. The need to maintain safety standards is of particular relevance on the United Kingdom continental shelf (UKCS) where there is an increasing ageing population of installations which have exceeded their original design lives and which subsequently require reassessment to ensure that structural integrity is maintained through the life cycle.The emphasis on safety highlights the need for appropriate structural integrity assessment procedures and the use of appropriate safety factors. A particularly important development has been the major international effort since 1993 to produce an ISO standard for offshore structures. This has entailed the harmonisation of relevant national codes and standards and the development of new procedures where appropriate, resulting in the derivation of revised safety factors for offshore structures. The subject of safety factors within the ISO arena and in terms of the general requirements for offshore structures is addressed in this paper.     

Modelling and optimization of proof testing policies for safety instrumented systems

This paper introduces a new development for modelling the time-dependent probability of failure on demand of parallel architectures, and illustrates its application to multi-objective optimization of proof testing policies for safety instrumented systems. The model is based on the mean test cycle, which includes the different evaluation intervals that a module goes periodically through its time in service: test, repair and time between tests. The model is aimed at evaluating explicitly the effects of different test frequencies and strategies (i.e. simultaneous, sequential and staggered). It includes quantification of both detected and undetected failures, and puts special emphasis on the quantification of the contribution of the common cause failure to the system probability of failure on demand as an additional component. Subsequently, the paper presents the multi-objective optimization of proof testing policies with genetic algorithms, using this model for quantification of average probability of failure on demand as one of the objectives. The other two objectives are the system spurious trip rate and lifecycle cost. This permits balancing of the most important aspects of safety system implementation. The approach addresses the requirements of the standard IEC 61508. The overall methodology is illustrated through a practical application case of a protective system against high temperature and pressure of a chemical reactor.     

Design optimization of a safety-instrumented system based on RAMS+C addressing IEC 61508 requirements and diverse redundancy

This paper presents the design optimization by a multi-objective genetic algorithm of a safety-instrumented system based on RAMS+C measures. This includes optimization of safety and reliability measures plus lifecycle cost. Diverse redundancy is implemented as an option for redundancy allocation, and special attention is paid to its effect on common cause failure and the overall system objectives. The requirements for safety integrity established by the standard IEC 61508 are addressed, as well as the modelling detail required for this purpose. The problem is about reliability and redundancy allocation with diversity for a series-parallel system. The objectives to optimize are the average probability of failure on demand, which represents the system safety integrity, Spurious Trip Rate and Lifecycle Cost. The overall method is illustrated with a practical example from the chemical industry: a safety function against high pressure and temperature for a chemical reactor. In order to implement diversity, each subsystem is given the option of three different technologies, each technology with different reliability and diagnostic coverage characteristics. Finally, the optimization with diversity is compared against optimization without diversity.     

The analysis of failure data in the presence of critical and degraded failures

Reported failures are often classified into severityclasses, e.g., as critical or degraded. The critical failures correspond to loss of function(s) and are those of main concern. The rate of critical failures is usually estimated by the number of observed critical failures divided by the exposure time, thus ignoring the observed degraded failures. In the present paper failure data are analyzed, applying an alternative estimate for the critical failure rate, also taking the number of observed degraded failures into account. The model includes two alternative failure mechanisms, one being of the shock type, immediately leading to a critical failure, another resulting in a gradual deterioration, leading to a degraded failure before the critical failure occurs. Failure data on safety valves from the OREDA (Offshore REliability DAta) data base are analyzed using this model. The estimate for the critical failure rate is obtained and compared with the standard estimate.     

The modelling of degraded and critical failures for components with dormant failures

The failures reported in reliability data bases are often classified into sseverity classes, e.g., as critical or degraded failures. This paper presents models for the failure mechanism causing the degraded and critical failures, and estimators for the failure intensities of the models are provided. The discussions mainly focus on dormant (hidden) failures of a standby component. The suggested models are based on exponentially distributed random variables, but they give non-exponential (phase-type) distributions for the time to failure, and thus provide alternatives to the more common Weibull model. The main model is adapted to the information available in modern reliability data bases. Using this model it is also possible to quantify the reduction in the rate of critical failures, achieved by repairing degraded failures. In particular the so-called ‘naked failure rate’ (defined as the rate of critical failures that would be observed if no repair of degraded failures was carried out) is derived. Further, the safety unavailability (Mean Fractional Deadtime) of a dormant system is obtained for the new model.     

Analysis of fatigue failure on the keyway of the reduction gear input shaft connecting a diesel engine caused by torsional vibration

The vibratory torque of a diesel engine caused by the reciprocating motion of the mass and gas pressure force of a cylinder is one of the main causes of the failure of the driving shaft of the diesel engine and the connecting shaft to the reduction gear. Because high cycle torsional fatigue can occur in the reduction gear shaft connecting the engine under vibratory torsional stress, the US Navy restricts it under the MIL G 17859D(SH) standard and suggests a procedure for evaluating the safety of the shaft for the reduction gear. In this study, the structural safety of the reduction gear input shaft in which fatigue failure occurs in typical naval vessels is investigated in accordance with the VDI 3822 RCA (root cause analysis) procedure based on the MIL G 17859D(SH) standard. When evaluating the safety factor in accordance with the MIL G 17859D(SH) standard, the alternating bending moment from the lateral vibration and the stress concentration factor under static load are considered. In addition, an improved design is suggested by CAE to satisfy the safety factor suggested by the MIL G 17859D(SH) standard.     

Predicting lifetime by degradation tests: A case study of ISO 10995

ISO 10995 is the international standard for the reliability testing and archival lifetime prediction of optical media. The standard specifies the testing conditions in terms of the combinations of stress variables—temperature and relative humidity. The periodically collected data from tests are the error rate of the device, and failure is defined as the error rate exceeding a predetermined level. The standard assumes that the projected failure time is the actual failure time, and these projected failure times are then analyzed by using an Eyring or Arrhenius model. Since true failure times are often not directly observed, the uncertainties in the failure time must be taken into account. In this paper, we present a hierarchical model for degradation that can directly infer failure time at the use condition and compare this model with the International Standard Organization (ISO) standard through a simulation study. Not accounting for the uncertainty in the projected failure times leads to unjustified confidence in the estimation for the median lifetime at both the stress conditions used in the experiments and at the use condition.     

应力集中致空心板L型裂缝研究

由于中小跨径桥梁大多采用标准图纸进行设计,空心板上混凝土栏杆跨中分缝是标准图中常见的方案。然而,浙江台金高速杨司高架桥混凝土栏杆跨中分缝后,空心板边板跨中大规模出现单一L型裂缝,暗示栏杆分缝与空心板开裂密切相关。该研究经过现场调研,系统搜集整理了事故桥的图纸、施工、材料及现场开裂信息,通过基于ABAQUS建立弹性和混凝土塑性损伤的事故桥的有限元模型,分析了新型L型裂缝的产生机理。研究结果表明:1）当栏杆和空心板固结时,栏杆分缝将引起刚度突变,导致应力集中,诱发出现穿过传统中和轴的L型裂缝;2）随着跨中空心板上栏杆预留缝宽度的减小和深度的增大,边板跨中底部应力逐渐增加;3）无论是弹性模型还是塑性损伤模型,不合理的分缝引起应力集中的趋势一致。该文的研究发现将改变量大、面广的空心板栏杆分缝传统方案,提升空心板使用性能。     

Design of a composite beam using the failure probability‐safety factor method

The paper shows the practical importance of the failure probability‐safety factor method for designing engineering works. The method provides an automatic design tool by optimizing an objective function subject to the standard geometric and code constraints, and two more sets of constraints, that guarantee some given safety factors and failure probability bounds, associated with a given set of failure modes. Since a direct solution of the optimization problem is not possible, the method proceeds as a sequence of three steps: (a) an optimal classical design, based on given safety factors, is done, (b) failure probabilities or bounds of all failure modes are calculated, and (c) safety factors bounds are adjusted. This implies a double safety check that leads to safer structures and designs less prone to wrong or unrealistic probability assumptions, and to excessively small (unsafe) or large (costly) safety factors. Finally, the actual global or combined probabilities of the different failure modes and their correlation are calculated using a Monte Carlo simulation. In addition, a sensitivity analysis is performed. To this end, the optimization problems are transformed into another equivalent ones, in which the data parameters are converted into artificial variables. In this way, some variables of the dual associated problems become the desired sensitivities. The method is illustrated by its application to the design of a composite beam. Copyright 2004 © John Wiley & Sons, Ltd.     

A probabilistic approach to uncertainty quantification with limited information

Many safety assessments depend upon models that rely on probabilistic characterizations about which there is incomplete knowledge. For example, a system model may depend upon the time to failure of a piece of equipment for which no failures have actually been observed. The analysts in this case are faced with the task of developing a failure model for the equipment in question, having very limited knowledge about either the correct form of the failure distribution or the statistical parameters that characterize the distribution. They may assume that the process conforms to a Weibull or log-normal distribution or that it can be characterized by a particular mean or variance, but those assumptions impart more knowledge to the analysis than is actually available. To address this challenge, we propose a method where random variables comprising equivalence classes constrained by the available information are approximated using polynomial chaos expansions (PCEs). The PCE approximations are based on rigorous mathematical concepts developed from functional analysis and measure theory. The method has been codified in a computational tool, AVOCET, and has been applied successfully to example problems. Results indicate that it should be applicable to a broad range of engineering problems that are characterized by both irreducible andreducible uncertainty.     

An improved formal failure analysis approach for safety-critical system based on MBSA

It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system.As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.     

A Microstructure-based Simulation Environment on the Basis of an Interface Enhanced Particle Model

The present contribution introduces enhanced discrete element simulation methodologies (DEM) with a special focus on a microstructure-based model environment. Therewith, it is possible to represent the failure of cohesive granular materials like concrete, ceramics or marl in a qualitative as well as quantitative manner. Starting from a basic polygonal two-dimensional particle model for non-cohesive granular materials, more complex models for cohesive materials are obtained by inclusion of beam or interface elements between corresponding particles. In particular, we will introduce an interface enhanced DEM methodology where a standard ingredient of computational mechanics, namely interface elements, are combined with the particle methodology contained in the DEM. The last step in the series of increasing complexity is the realization of a microstructure-based simulation environment which utilizes the interface enhanced DEM methodology. With growing model complexity a wide variety of failure features of cohesive as well as non-cohesive geomaterials can be represented. Finally, the plan of the paper is enriched by the validation of the newly introduced and re-developed discrete models with regard to qualitative and quantitative aspects.     

A multiobjective genetic algorithm approach to the optimization of the technical specifications of a nuclear safety system

Systems, structures, and components of Nuclear Power Plants are subject to Technical Specifications (TSs) that establish operational limitations and maintenance and test requirements with the objective of keeping the risk associated to the plant within the limits imposed by the regulatory agencies. Recently, in an effort to improve the competitiveness of nuclear energy in a deregulated market, modifications to maintenance policies and TSs are being considered within a risk-informed viewpoint, which judges the effectiveness of a TS, e.g. a particular maintenance policy, with respect to its implications on the safety and economics of the system operation.In this regard, a recent policy statement of the US Nuclear Regulatory Commission declares appropriate the use of Probabilistic Risk Assessment models to evaluate the effects on the system of a particular TS. These models rely on a set of parameters at the component level (failure rates, repair rates, frequencies of failure on demand, human error rates, inspection durations, and others) whose values are typically affected by uncertainties. Thus, the estimate of the system performance parameters corresponding to a given TS value must be supported by some measure of the associated uncertainty.In this paper we propose an approach, based on the effective coupling of genetic algorithms and Monte Carlo simulation, for the multiobjective optimization of the TSs of nuclear safety systems. The method transparently and explicitly accounts for the uncertainties in the model parameters by attempting to minimize both the expected value of the system unavailability and its associated variance. The costs of the alternative TSs solutions are included as constraints in the optimization. An application to the Reactor Protection Instrumentation System of a Pressurized Water Reactor is demonstrated.     

Quantitative safety assessment of the ventilation recirculation system in an undersea mine

This paper describes a quantitative safety study carried out on a system which monitors the environmental conditions in an undersea mine. Of particular importance are the concentrations of methane and carbon monoxide present in the mine. Although the presence of these gases is of concern in all mines it is of particular concern in this undersea mine since up to 37 per cent of the return air of the ventilation system is recirculated. When high methane or carbon monoxide levels are detected recirculation is halted. Fault trees were constructed to represent two system failure modes for each of the trip conditions; failure to trip on demand and spurious trip. These logic diagrams were then analysed to produce the minimal cut sets and the probabilities for the system failure events. From this prediction of system performance the degree of improvement attainable by changing the system design, component repair times or test frequencies was investigated.     

Automated hazard analysis of digital control systems

Digital instrumentation and control (I&C) systems can provide important benefits in many safety-critical applications, but they can also introduce potential new failure modes that can affect safety. Unlike electro-mechanical systems, whose failure modes are fairly well understood and which can often be built to fail in a particular way, software errors are very unpredictable. There is virtually no nontrivial software that will function as expected under all conditions. Consequently, there is a great deal of concern about whether there is a sufficient basis on which to resolve questions about safety. In this paper, an approach for validating the safety requirements of digital I&C systems is developed which uses the Dynamic Flowgraph Methodology to conduct automated hazard analyses. The prime implicants of these analyses can be used to identify unknown system hazards, prioritize the disposition of known system hazards, and guide lower-level design decisions to either eliminate or mitigate known hazards. In a case study involving a space-based reactor control system, the method succeeded in identifying an unknown failure mechanism.     

A critical-plane-based thermomechanical fatigue lifetime prediction model and its application in nickel-based single-crystal turbine blades

In this study, thermomechanical fatigue (TMF) behaviours, failure mechanisms and the lifetime prediction method of a nickel-based single-crystal superalloy with [001] orientation were investigated based on the stress-controlled TMF experiments at different stress/temperature ranges, dwell times and phase angles. The fractographic observations revealed a creep-fatigue failure mechanism for in-phase thermomechanical fatigue (IP TMF) and an oxidation-fatigue failure mechanism for out-of-phase thermomechanical fatigue (OP TMF). According to the observed physical phenomenon of the slip along particular planes during the deformation process, selecting the steady-ratcheting shear-strain rate as the representative physical quantity, a new critical-plane-based lifetime prediction model which was suitable for a variety of experiment conditions was established. The predicted lifetimes for both standard specimens and turbine blades showed good agreements with the experimental data. The strong versatility and the concise mathematic form that made the model have some practical application value.     

A fatigue crack propagation model

A model for fatigue crack propagation has been developed which incorporates mechanical, cyclic and fatigue properties as well as a length parameter. The latter can be associated with the microstructure of the material. The fatigue failure criterion is based on a measure of the dissipated plastic strain energy. This model predicts crack propagation at low and intermediate ΔK values, i.e. stage I crack growth rate as well as that of the stage II. A number of crack growth rate models proposed earlier, are shown to be particular cases of the one developed herein. Predictions of the model are in good agreement with the experimental data. The required data for predicting the crack growth rate, can be found in standard material handbooks where fatigue properties are listed.     

Automatic creation of Markov models for reliability assessment of safety instrumented systems

After the release of new international functional safety standards like IEC 61508, people care more for the safety and availability of safety instrumented systems. Markov analysis is a powerful and flexible technique to assess the reliability measurements of safety instrumented systems, but it is fallible and time-consuming to create Markov models manually. This paper presents a new technique to automatically create Markov models for reliability assessment of safety instrumented systems. Many safety related factors, such as failure modes, self-diagnostic, restorations, common cause and voting, are included in Markov models. A framework is generated first based on voting, failure modes and self-diagnostic. Then, repairs and common-cause failures are incorporated into the framework to build a complete Markov model. Eventual simplification of Markov models can be done by state merging. Examples given in this paper show how explosively the size of Markov model increases as the system becomes a little more complicated as well as the advancement of automatic creation of Markov models.     

Research on the stability analysis and design of soil tunnel surrounding rock

The paper first analyzes the failure mechanism and mode of tunnel according to model experiments and mechanical calculation, then discusses the deficiency of taking the limit value of displacement around the tunnel and the size of the plastic zone of surrounding rock as the criterion of stability. So the writers put forward to regard the safety factor of surrounding rock calculated through strength reduction FEM as the criterion of stability, which has strict mechanical basis and unified standard and would not be influenced by other factors. The paper also studies the safety factors of tunnel surrounding rock (safety factors of shear and tension failure) and lining and some methods of designing and calculating tunnels. At last, the writers take the loess tunnel for instance and show the design and calculation results of two-lane railway tunnel.     

Extending the Possibilities of Quantitative Determination of SIL – a Procedure Based on IEC 61508 and the Markov Model with Common Cause Failures

Generalized equations for calculating the probability of failure on demand (PFD) in accordance with the IEC 61508 standard and a model based on Markov processes, taking into account common cause failures, are proposed in this paper. The solutions presented in the standard and in many references concentrate on simple k‐out‐of‐n architectures. The equations proposed in the standard concern cases for n ≤ 3. In safety‐related systems applied in industry, architectures of a number of elements n larger than three often occur. For this reason, a generalized equation for calculating PFD was proposed. For cases presented in the standard, the proposed equation provides identical results. The presented simplified Markov model allows the determination of the system availability (A(t)) and unavailability (1–A(t)) as well as their values in the steady state (A and 1–A). This model can be an alternative method of PDF calculations for various k‐out‐of‐n architectures with self‐diagnostic elements. Calculations performed according to the proposed models provide very similar results. The developed models are suitable for practical implementations in calculations of the safety integrity level. Copyright © 2016 John Wiley & Sons, Ltd.