Engineering failure analysis

Abstract

The scale and complexity of computer-based safety critical systems, like those used in the transport and manufacturing industries, pose significant challenges for failure analysis. Over the last decade, research has focused on automating this task. In one approach, predictive models of system failure are constructed from the topology of the system and local component failure models using a process of composition. An alternative approach employs model-checking of state automata to study the effects of failure and verify system safety properties. In this paper, we discuss these two approaches to failure analysis. We then focus on Hierarchically Performed Hazard Origin & Propagation Studies (HiP-HOPS), one of the more advanced compositional approaches, and discuss its capabilities for automatic synthesis of fault trees, combinatorial Failure Modes and Effects Analyses, and reliability versus cost optimisation of systems via application of automatic model transformations. We summarise these contributions and demonstrate the application of HiP-HOPS on a simplified fuel oil system for a ship engine. In light of this example, we discuss strengths and limitations of the method in relation to other state-of-the-art techniques. In particular, because HiP-HOPS is deductive in nature, relating system failures back to their causes, it is less prone to combinatorial explosion and can more readily be iterated. For this reason, it enables exhaustive assessment of combinations of failures and design optimisation using computationally expensive meta-heuristics.

1. Introduction

Increasing complexity in the design of modern engineering systems challenges the applicability of rule-based design and classical safety and reliability analysis techniques. As new technologies introduce complex failure modes, classical manual analysis of systems becomes increasingly difficult and error prone. To address these difficulties, we have developed a computerised tool called HiP-HOPS (Hierarchically Performed Hazard Origin & Propagation Studies) that simplifies aspects of the engineering and analysis process. The central capability of this tool is the automatic synthesis of Fault Trees and Failure Modes and Effects Analyses (FMEAs) by interpreting reusable specifications of component failure in the context of a system model. The analysis is largely automated, requiring only the initial component failure data to be provided, therefore reducing the manual effort required to examine safety; at the same time, the underlying algorithms can scale up to analyse complex systems relatively quickly, enabling the analysis of systems that would otherwise require partial or fragmented manual analyses. More recently, we have extended the above concept to solve a design optimisation problem: reliability versus cost optimisation via selection and replication of components and alternative subsystem architectures. HiP-HOPS employs genetic algorithms to evolve initial non-optimal designs into new designs that better achieve reliability requirements with minimal cost. By selecting different component implementations with different reliability and cost characteristics, or substituting alternative subsystem architectures with more robust patterns of failure behaviour, many solutions from a large design space can be explored and evaluated quickly. Our hope is that these capabilities, used in conjunction with computer-aided design and modelling tools, allow HiP-HOPS to facilitate the useful integration of a largely automated and simplified form of safety and reliability analysis in the context of an improved design process. This in turn will, we hope, address the broader issue of how to make safety a more controlled facet of the design so as to enable early detection of potential hazards and to direct the design of preventative measures. The utilisation of the approach and tools has been shown to be beneficial in case studies on engineering systems in the shipping [1] and offshore industries [2]. This paper outlines these safety analysis and reliability optimisation technologies and their application in an advanced and largely automated engineering process.

2. Safety analysis and reliability optimisation

3. Safety analysis using HiP-HOPS

HiP-HOPS is a compositional safety analysis tool that takes a set of local component failure data, which describes how output failures of those components are generated from combinations of internal failure modes and deviations received at the components' inputs, and then synthesises fault trees that reflect the propagation of failures throughout the whole system. From those fault trees, it can generate both qualitative and quantitative results as well as a multiple failure mode FMEA [35]. A HiP-HOPS study of a system design typically has three main phases:

Modelling phase: system modelling & failure annotation.
Synthesis phase: fault tree synthesis.
Analysis phase: fault tree analysis & FMEA synthesis.

Although the first phase remains primarily manual in nature, the other phases are fully automated. The general process in HiP-HOPS is illustrated in Fig. 2 below.

The first phase, system modelling & failure annotation, consists of developing a model of the system (including hydraulic, electrical or electronic, mechanical systems, as well as conceptual block and data flow diagrams) and then annotating the components in that model with failure data. This phase is carried out using an external modelling tool or package compatible with HiP-HOPS.
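The three phases listed above (failure annotation of a component model, deductive fault tree synthesis, and minimal cut set analysis feeding an FMEA) can be shown end to end on a toy model. The following is an added example written for this page; it is not HiP-HOPS code and does not use the HiP-HOPS annotation syntax. The fuel-supply components, their local failure expressions, the topology and the failure probabilities are all constructed for illustration, and the expression format (nested "or"/"and" tuples, basic-event strings and ("in", port) references) is this example's own.

```python
"""Compositional fault tree synthesis, minimal cut sets and FMEA.

Added example illustrating the three analysis phases; not HiP-HOPS code.
All component data, topology and probabilities below are constructed.
"""
from itertools import product

# Phase 1 (modelling & failure annotation): a constructed fuel-supply model.
# "O-" denotes omission of flow at a port. Each output deviation is a Boolean
# expression over the component's internal failure modes (strings) and the
# deviations arriving at its input ports (("in", port) references).
LOCAL_FAILURE_DATA = {
    "O-Tank.out":   "TankEmpty",
    "O-PumpA.out":  ("or", "PumpAFail", ("in", "PumpA.in")),
    "O-PumpB.out":  ("or", "PumpBFail", ("in", "PumpB.in")),
    # The valve starves the engine only if it sticks closed or BOTH pumps omit flow.
    "O-Valve.out":  ("or", "ValveStuckClosed",
                     ("and", ("in", "Valve.in1"), ("in", "Valve.in2"))),
    "O-Filter.out": ("or", "FilterBlocked", ("in", "Filter.in")),
}
# Topology: input port -> output port feeding it (omissions propagate along it).
CONNECTIONS = {
    "PumpA.in": "Tank.out", "PumpB.in": "Tank.out",
    "Valve.in1": "PumpA.out", "Valve.in2": "PumpB.out",
    "Filter.in": "Valve.out",
}
# Constructed per-mission failure probabilities of the basic events.
FAILURE_PROB = {"TankEmpty": 0.01, "PumpAFail": 0.05, "PumpBFail": 0.05,
                "ValveStuckClosed": 0.002, "FilterBlocked": 0.01}


def cut_sets(expr, visited=()):
    """Phase 2: deductively expand expr into cut sets (frozensets of basic
    events), following each ("in", port) back to the upstream output deviation."""
    if isinstance(expr, str):
        return {frozenset([expr])}
    op = expr[0]
    if op == "in":
        src = CONNECTIONS.get(expr[1])
        if src is None:           # unconnected input: no deviation can arrive
            return set()
        dev = "O-" + src
        if dev in visited:        # guard against feedback loops in the topology
            raise ValueError(f"cycle through {dev}")
        return cut_sets(LOCAL_FAILURE_DATA[dev], visited + (dev,))
    parts = [cut_sets(e, visited) for e in expr[1:]]
    if op == "or":
        return set().union(*parts)
    if op == "and":               # one cut set from each operand, combined
        return {frozenset().union(*combo) for combo in product(*parts)}
    raise ValueError(f"unknown operator {op!r}")


def minimal_cut_sets(css):
    """Phase 3: drop every cut set that is a strict superset of another."""
    return {cs for cs in css if not any(other < cs for other in css)}


def synthesise(system_deviation):
    """Minimal cut sets of one system-level output deviation."""
    return minimal_cut_sets(cut_sets(LOCAL_FAILURE_DATA[system_deviation]))


def top_event_probability(mcs):
    """Rare-event approximation: sum over minimal cut sets of the product of
    member probabilities (an upper bound for independent events)."""
    total = 0.0
    for cs in mcs:
        p = 1.0
        for event in cs:
            p *= FAILURE_PROB[event]
        total += p
    return total


def fmea(system_deviations):
    """Map each basic event to the system failures it contributes to, with the
    other events that must coincide (an empty tuple marks a single point of failure)."""
    table = {}
    for dev in system_deviations:
        for cs in synthesise(dev):
            for event in cs:
                partners = tuple(sorted(cs - {event}))
                table.setdefault(event, {}).setdefault(dev, []).append(partners)
    return table


if __name__ == "__main__":
    mcs = synthesise("O-Filter.out")
    for cs in sorted(mcs, key=lambda s: (len(s), sorted(s))):
        print("minimal cut set:", sorted(cs))
    print("P(O-Filter.out) ~", top_event_probability(mcs))
    for event, effects in sorted(fmea(["O-Filter.out"]).items()):
        print(event, effects)
```

Running it yields four minimal cut sets for omission of flow at the filter outlet: the three single points of failure (empty tank, stuck valve, blocked filter) and the pair of pump failures, which the redundancy reduces to a second-order cause. The `visited` tuple is what makes the backward traversal safe on diamond-shaped topologies (both pumps draw from one tank) while still rejecting a genuine feedback loop.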
HiP-HOPS has interfaces to a number of different modelling tools, including Matlab Simulink, Eclipse-based UML tools, and particularly SimulationX. The latter is an engineering modelling & simulation tool developed by ITI GmbH [36] with a fully integrated interface to HiP-HOPS. This has the advantage that existing system models, or at least models that would have been developed anyway in the course of the design process, can also be re-used for safety analysis purposes rather than having to develop a new model specific to safety.

The second phase is the fault tree synthesis process. In this phase, HiP-HOPS automatically traces the paths of failure propagation through the model by combining the local failure data for individual components and subsystems. The result is a network of interconnected fault trees defining the relationships between failures of system outputs and their root causes in the failure modes of individual components. It is a deductive process, working backwards from the system outputs to determine which components caused those failures and in what logical combinations.

The final phase involves the analysis of those fault trees and the generation of an FMEA. The fault trees are first minimised to obtain the minimal cut sets, the smallest possible combinations of failures capable of causing any given system failure, and these are then used as the basis of both quantitative analysis (to determine the probability of a system failure) and the FMEA, which directly relates individual component failures to their effects on the rest of the system. The FMEA takes the form of a table indicating which system failures are caused by each component failure. The various phases of a HiP-HOPS safety analysis will now be described in more detail.

4. Design optimisation using HiP-HOPS

HiP-HOPS analysis may show that safety, reliability and cost requirements have been met, in which case the proposed system design can be realised.
In practice, though, this analysis will often indicate that certain requirements cannot be met by the current design, in which case the design will need to be revised. This is a problem commonly encountered in the design of reliable or safety critical systems. Designers of such systems usually have to achieve certain levels of safety and reliability while working within cost constraints. Design is a creative exercise that relies on the technical skills of the design team and also on experience and lessons learnt from successful earlier projects, and thus the bulk of design work is creative. However, we believe that further automation can assist the process of iterating the design by aiding in the selection of alternative components or subsystem architectures as well as in the replication of components in the model, all of which may be required to ensure that the system ultimately meets its safety and reliability requirements with minimal cost.

A higher degree of reliability and safety can often be achieved by using a more reliable and expensive component, an alternative subsystem design (e.g. a primary/standby architecture), or by using replicated components or subsystems to achieve redundancy and therefore ensure that functions are still provided when components or subsystems fail. In a typical system design, however, there are many options for substitution and replication at different places in the system and different levels of the design hierarchy. It may be possible, for example, to achieve the same reliability by substituting two sensors in one place and three actuators in another, or by replicating a single controller or control subsystem, etc. Different solutions will, however, lead to different costs, and the goal is not only to meet the safety goals and cost constraints but also to do so optimally, i.e. to find designs with maximum possible reliability for the minimum possible cost.

Because the options for replication and/or substitution in a non-trivial design are typically too many to consider manually, it is virtually impossible for designers to address this problem systematically; as a result, they must rely on intuition, or on evaluation of a few different design options. This means that many other options, some of which are potentially superior, are neglected. Automation of this process could therefore be highly useful in evaluating many more potential design alternatives much faster than a designer could do so manually. Recent extensions to HiP-HOPS have made this possible by allowing design optimisation to take place automatically [38]. HiP-HOPS is now capable of employing genetic algorithms in order to progressively "evolve" an initial design model that does not meet requirements into a design where components and subsystem architectures have been selected and where redundancy has been allocated in a way that minimises cost while achieving given safety and reliability requirements. In the course of the evolutionary process, the genetic algorithm typically generates populations of candidate designs which employ user-defined alternative implementations for components and subsystems as well as standard replication strategies. These strategies are based on widely used fault tolerant schemes such as hot or cold standbys and n-modular redundancy with majority voting. For the algorithm to progress towards an optimal solution, a selection process is applied in which the fittest designs survive and their genetic makeup is passed to the next generation of candidate designs. The fitness of each design relies on cost and reliability. To calculate fitness, therefore, we need methods to automatically calculate those two elements. An indication of the cost of a system can be calculated as the sum of the costs of its components (although for more accurate calculations, life-cycle costs should also be taken into account, e.g.
production, assembly and maintenance costs) [39]. However, while calculation of cost is relatively easy to automate, the automation of the evaluation of safety or reliability is more difficult as conventional methods rely on manual construction of the reliability model (e.g. the fault tree, reliability block diagram or the FMEA). HiP-HOPS, by contrast, already automates the development and calculation of the reliability model, and therefore facilitates the evaluation of fitness as a function of reliability (or safety). This in turn enables a selection process through which the genetic algorithm can progress towards an optimal solution which can achieve the required safety and reliability at minimal cost.

One issue with genetic algorithms is that it has to be possible to represent the individuals in the population, in this case the design candidates, as genetic encodings in order to facilitate crossover and mutation. Typically this is done by assigning integers to different alternatives in specific positions in the encoding string, e.g. a system consisting of three components may be represented by an encoding string of three digits, the value of each of which represents one possible implementation for those components. However, although this is sufficient if the model has a fixed, flat topology, it is rather inflexible and cannot easily handle systems with subsystems, replaceable sub-architectures, and replication of components, since this would also require changing the number of digits in the encoding string. The solution used in HiP-HOPS is to employ a tree encoding, which is a hierarchical rather than linear encoding that can more accurately represent the hierarchical structure of the system model. Each element of the encoding string is not simply a number with a fixed set of different values; it can also represent another tree encoding itself. Fig. 7 shows these different possibilities: we may wish to allow component A to be replaced with either a low cost, low reliability implementation (represented as 1), a high cost, high reliability implementation (2), or an entirely new subsystem with a primary/standby configuration (3). If the third implementation is selected, then a new sub-encoding is used, which may contain further values for the components that make up the new subsystem, i.e. the primary and the standby. Thus encoding "1" means that the first implementation was chosen, encoding "2" means the second was chosen, "3(11)" means that the third was chosen (the subsystem) and furthermore that the two subcomponents both use implementation 1, while "3(21)" for example means that the primary component in the subsystem uses implementation 2 instead. Although the tree encoding is more complex, it is also much more flexible and allows a far greater range of configuration options to be used during the optimisation process.

HiP-HOPS uses a variant of the NSGA-II algorithm for optimisation. The original NSGA-II algorithm allows for both non-dominated and dominated solutions to exist in the population (i.e. the current set of design candidates). To help decide which solutions pass on their characteristics to the next generation, they are ranked according to the number of other solutions they dominate. The more dominant solutions are more likely to be used than the less dominant solutions. HiP-HOPS is also able to discard all but the dominant solutions. This is known as a pure-elitist algorithm (since all but the best solutions are discarded) and also helps to improve performance. To further enhance the quality of solutions and the speed with which they can be found, a number of other modifications were made.
One improvement was to maintain a solution archive similar to those maintained by tabu search and ant colony optimisation; this has the benefit of ensuring that good solutions are not accidentally lost during subsequent generations. Another improvement was to allow constraints to be taken into account during the optimisation process, similar to the way penalty-based optimisation functions: the algorithm is encouraged to maintain solutions within the constraints, and solutions outside, while permitted, are penalised to a varying degree. In addition, younger solutions, i.e. ones more recently created, are preferred over ones that have been maintained in the population for a longer period; again, this helps to ensure a broader search of the design space by encouraging new solutions to be created rather than reusing existing ones.

Engineering failure analysis

Abstract

The scale and complexity of computer-based safety systems, such as those used in the transport and manufacturing industries, pose major challenges for engineering failure analysis. Over the past decade this task has mainly been accomplished through automation. One kind of system failure model predicts failure modes from the topology of the system and the constituent components used locally. Another approach uses models that automatically check state in order to study the effects of failure and verify the safety properties of the system. In this paper we discuss these two approaches to failure analysis. We then focus on Hierarchically Performed Hazard Origin and Propagation Studies (HIP-HOPS), a more advanced compositional approach, and its capabilities: fault trees that can be synthesised automatically, combinatorial failure mode and effects analysis, and reliability versus cost, optimised by applying automatic model transformations. We summarise these features and demonstrate the application of HIP-HOPS on a simplified fuel system for a ship engine. Based on this example, we discuss the strengths and limitations of this method in comparison with advanced techniques from other countries. In particular, because HIP-HOPS is deductive and can trace system failures back to their causes, it is not prone to combinatorial explosion and is easier to iterate. For this reason it becomes a heuristic algorithm for evaluating failures and optimising designs.

1. Introduction

The increasing complexity of modern engineering systems challenges rule-based design and the applicability of classical safety and reliability analysis techniques. With the introduction of new technologies and complex failure modes, classical system analysis becomes increasingly difficult and riddled with errors. We have developed a computer tool called HIP-HOPS (hierarchical analysis of hazard sources) to simplify the engineering design and analysis process. The core of this tool lies in the automatic analysis of fault trees and of FMEAs that repeatedly analyse the failing units within the system model. The analysis is automatic and requires only the initial component failure data, thereby reducing manual safety checking; at the same time, the scalable underlying algorithms can analyse complex systems relatively quickly, and fragmented failure analysis can also be carried out. Recently, we have addressed a design optimisation problem, reliability versus cost optimisation, through the selection and replication of components and alternative subsystem architectures. HIP-HOPS introduces genetic algorithms to evolve non-optimal solutions into new designs that obtain high reliability at low cost. By selecting different components to realise different reliability and cost characteristics, or by substituting subsystem architectures with more robust functionality, many solutions can be explored from a large space and evaluated quickly. We hope that, with HIP-HOPS, computer-aided design and modelling tools can be used together to carry out highly automated, simplified and integrated safety and reliability analysis and to improve the design process. In turn, we hope to address the broader question of how to make safety more controllable, so that potential hazards are found early and preventive measures are given. This approach and these tools have been shown to be applicable in fields such as the offshore industry. This paper outlines these safety analysis and advanced reliability optimisation techniques, their application, and a highly automated engineering process.

2. Safety analysis with HIP-HOPS

The main part of HIP-HOPS is a safety analysis tool: it takes as input a set of local component failure data describing the internal failure modes by which these components produce failures, and then synthesises fault trees that describe how the whole system comes to fail. From these fault trees, qualitative and quantitative results as well as a multiple failure mode FMEA can be generated. A HIP-HOPS study of a system design usually has three main phases:

Modelling phase: system modelling and failure annotation.
Synthesis phase: fault tree synthesis.
Analysis phase: fault tree analysis and FMEA synthesis.

The first phase is mainly carried out manually; the other phases are fully automatic. Fig. 2 shows the general HIP-HOPS process. The first phase, system modelling and failure annotation, consists of developing a model of the system (including hydraulic, electrical or electronic and mechanical systems, as well as conceptual block diagrams and data flow diagrams) and then annotating the components of the model with failure data. This phase requires an external modelling tool compatible with HIP-HOPS. HIP-HOPS provides interfaces to several different modelling tools, including Matlab Simulink, Eclipse-based UML tools and in particular SimulationX. The latter combines a fully integrated interface to HIP-HOPS with the engineering modelling and simulation tool developed by ITI GmbH. Its advantage is that, whatever stage an existing system model or model design has reached, it can be used for safety analysis without building a model specifically for safety analysis.

The second phase lies in the fault tree synthesis process. In this phase, in combination with the model, HIP-HOPS can automatically trace the propagation paths by which local damage to individual modules and subsystems leads to failure. Thus, from the defined relationships between the network and the fault trees, it is concluded that the root causes of system output failures lie in the failure modes of individual components. This is a deductive process, tracing back from the outputs of the system to determine which factors caused the system failure and to find what logical combinations are involved.

These fault trees are analysed and an FMEA is generated. The fault trees are first minimised to obtain the faults of the minimal cut sets, presented as the smallest possible combinations for any given system; these serve as the basis of the quantitative analysis (to determine the probability that the system fails) and of the FMEA, which directly links individual failures of the system to the remaining failures of the system. The FMEA lists, in the form of a table, all the causes leading to system failure one by one. The various terms used in HIP-HOPS safety analysis will be described in more detail.

3. Optimised design with HIP-HOPS

HIP-HOPS can show the safety factor, reliability and cost of the intended safety system. In practice, the specific requirements that this analysis software predicts usually cannot be matched by the existing design, which means changing along with the changes to the design. They frequently do not match the safety factor and reliability that the design requires. Such a system
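The tree encoding and the dominance ranking described in the design optimisation section can be exercised on the "component A" example from the text, whose encodings "1", "2", "3(11)" and "3(21)" are the ones discussed there. The following is an added example written for this page; it is not HiP-HOPS code. The encoding grammar (a digit optionally followed by a parenthesised list of sub-encodings), the catalogue of costs and reliabilities, and the treatment of the primary/standby subsystem as ideal parallel redundancy (it fails only if both parts fail, with no switching failure) are all assumptions of this example.

```python
"""Tree-encoded design candidates, their evaluation, and NSGA-II-style ranking.

Added example for the design-optimisation discussion; not HiP-HOPS code.
The grammar, catalogue and redundancy model are constructed assumptions.
"""

# Constructed catalogue for component A. Leaf implementations carry a cost and
# a reliability; option 3 is a primary/standby subsystem whose two parts are
# themselves encoded, so "3(21)" = high-reliability primary, cheap standby.
CATALOGUE = {
    "1": {"cost": 10.0, "reliability": 0.90},
    "2": {"cost": 30.0, "reliability": 0.99},
    "3": {"subsystem": True, "overhead": 5.0, "parts": 2},
}


def parse(encoding):
    """Recursive-descent parse of e.g. "3(21)" into ("3", [("2", []), ("1", [])])."""
    pos = 0

    def node():
        nonlocal pos
        if pos >= len(encoding) or not encoding[pos].isdigit():
            raise ValueError(f"digit expected at offset {pos} in {encoding!r}")
        tag = encoding[pos]
        pos += 1
        children = []
        if pos < len(encoding) and encoding[pos] == "(":
            pos += 1
            while pos < len(encoding) and encoding[pos] != ")":
                children.append(node())
            if pos >= len(encoding):
                raise ValueError(f"unbalanced parentheses in {encoding!r}")
            pos += 1  # consume ")"
        return (tag, children)

    tree = node()
    if pos != len(encoding):
        raise ValueError(f"trailing text in {encoding!r}")
    return tree


def evaluate(tree):
    """Return (cost, reliability) of a candidate by walking its tree."""
    tag, children = tree
    spec = CATALOGUE[tag]
    if not spec.get("subsystem"):
        if children:
            raise ValueError(f"implementation {tag} takes no sub-encoding")
        return spec["cost"], spec["reliability"]
    if len(children) != spec["parts"]:
        raise ValueError(f"subsystem {tag} needs {spec['parts']} parts")
    cost, unreliability = spec["overhead"], 1.0
    for child in children:
        c, r = evaluate(child)
        cost += c
        unreliability *= 1.0 - r      # ideal parallel redundancy (assumption)
    return cost, 1.0 - unreliability


def objectives(encoding):
    """Both objectives to minimise, (cost, unreliability), rounded so that
    floating-point noise cannot create spurious dominance between equals."""
    cost, rel = evaluate(parse(encoding))
    return round(cost, 6), round(1.0 - rel, 9)


def dominates(a, b):
    """a dominates b: no worse in every objective, strictly better in at least one."""
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))


def rank(population):
    """For each candidate: its objectives, how many others it dominates (the
    NSGA-II ranking criterion) and whether it is itself non-dominated."""
    objs = {e: objectives(e) for e in population}
    result = {}
    for e in population:
        others = [o for o in population if o != e]
        result[e] = {
            "cost": objs[e][0],
            "unreliability": objs[e][1],
            "dominates": sum(dominates(objs[e], objs[o]) for o in others),
            "non_dominated": not any(dominates(objs[o], objs[e]) for o in others),
        }
    return result


def pure_elitist_select(population):
    """Pure-elitist step: keep only the non-dominated candidates (the Pareto front)."""
    return sorted(e for e, info in rank(population).items() if info["non_dominated"])


if __name__ == "__main__":
    pop = ["1", "2", "3(11)", "3(12)", "3(21)", "3(22)"]
    for e, info in rank(pop).items():
        print(e, info)
    print("survivors:", pure_elitist_select(pop))
```

With this catalogue the expensive single component "2" is dominated by the subsystem "3(11)", which reaches the same unreliability for less cost, so a pure-elitist selection discards it while "1" (cheapest) and the subsystem variants all survive on the Pareto front; "3(12)" and "3(21)" tie on both objectives and therefore neither dominates the other.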