CN105930221A

CN105930221A - Method for evaluating reliability of function reorganization strategy

Info

Publication number: CN105930221A
Application number: CN201610299068.3A
Authority: CN
Inventors: 黄宁; 白亚南; 李瑞莹; 伍志韬
Original assignee: Beihang University
Current assignee: Beihang University
Priority date: 2016-05-06
Filing date: 2016-05-06
Publication date: 2016-09-07
Anticipated expiration: 2036-05-06
Also published as: CN105930221B

Abstract

The invention discloses a method for evaluating the reliability of a function reorganization strategy, belonging to the field of reliability and safety. In the method disclosed by the invention, it assumes that functions born by n equipment in a function reorganization system are independent; if one equipment in the function reorganization system is failed, functions of n-1 equipment are reorganized; the reliability of the function reorganization system after function reorganization is calculated by two conditions; and thus, the reliability of the function reorganization system is obtained. According to the method disclosed by the invention, specific reliability evaluation of the function reorganization system is replaced by the function reliability; the problem that the function reorganization strategy of the function reorganization system is closely related to the function reorganization system itself can be effectively solved; a generic evaluation model is abstracted; the method disclosed by the invention can perform comparison analysis of the reorganization strategy of the function reorganization system; resources are sufficiently utilized; and the function reorganization strategy having relatively high reliability can be provided.

Description

A Reliability Evaluation Method for Functional Recombination Strategy

技术领域technical field

本发明提供一种功能重组策略的可靠性评估方法，属于可靠性及安全(安全系统工程)领域。The invention provides a reliability evaluation method of a function recombination strategy, which belongs to the field of reliability and safety (safety system engineering).

背景技术Background technique

功能重组是动态冗余技术的重要实现步骤，主要功能是防止失效的产生影响到系统的运行。随着工业工程系统的综合化、网络化、复杂化发展，对其的可靠性、安全性要求越来越高。重组能力的出现就更加保证了网络的可靠性传输。当系统发生故障，或者出于其它安全性能的考虑使系统遭受安全威胁时，具有重组能力的系统就能及时地进行功能重组，恢复正常的运行，保证网络的可靠和安全。特别是一些提供在线服务或者进行实时数据业务通信的网络就更加需要保障功能重组的安全可靠，例如工业生产控制系统、军事指挥系统等。因此提高功能重组的可靠性，不仅可以更好地利用现有的配置、故障、性能、安全管理的监测和评估，还可以增加系统的抗干扰、完成任务的能力。Functional reorganization is an important step in the realization of dynamic redundancy technology, and its main function is to prevent failures from affecting the operation of the system. With the development of integration, networking and complexity of industrial engineering systems, the requirements for reliability and safety are getting higher and higher. The appearance of the recombination capability further guarantees the reliable transmission of the network. When the system breaks down, or the system suffers from security threats due to other safety performance considerations, the system with reorganization capability can perform functional reorganization in time, restore normal operation, and ensure the reliability and security of the network. In particular, some networks that provide online services or conduct real-time data business communications need to ensure the safety and reliability of functional reorganization, such as industrial production control systems and military command systems. Therefore, improving the reliability of functional reorganization can not only make better use of existing monitoring and evaluation of configuration, failure, performance, and safety management, but also increase the system's ability to resist interference and complete tasks.

当前系统功能重组策略是基于网络拓扑，功能相关以及经验来设计，并没有一套完整的、系统的指导准则。对功能可重组系统的可靠性建模侧重于重组前后系统的可靠性模型发生的变化，以及重组时间对系统可靠性的影响。对系统功能重组策略的可靠性评估，鲜有研究。功能重组策略是为提高系统可靠性而提出。为达到提高系统可靠性的目的，首先要确保当满足功能重组的条件时，功能重组策略能够执行。如何利用资源最大限度地提高系统的可靠性成为系统正常运行的保障性问题。对功能重组策略进行可靠性评估是进行功能重组优化的重要基础。The current system function reorganization strategy is designed based on network topology, function correlation and experience, and there is no complete and systematic guideline. The reliability modeling of functionally reconfigurable systems focuses on the changes in the reliability model of the system before and after reconfiguration, and the impact of reconfiguration time on system reliability. There is little research on the reliability evaluation of system function reorganization strategies. The function recombination strategy is proposed to improve the reliability of the system. In order to achieve the purpose of improving system reliability, it is first necessary to ensure that the function reorganization strategy can be executed when the conditions of function reorganization are met. How to use resources to maximize the reliability of the system has become a guarantee issue for the normal operation of the system. Reliability evaluation of function recombination strategy is an important basis for function recombination optimization.

然而对系统功能重组策略进行可靠性评估时主要存在以下问题：1)系统的功能重组策略与系统本身紧密相关，很难提出一个共性的评估模型；2)系统的功能重组策略是一个概率事件，且在不同时间重组对系统可靠性有不同的影响，难以对其进行评估。However, the following problems exist in the reliability evaluation of the system function reorganization strategy: 1) The system function reorganization strategy is closely related to the system itself, and it is difficult to propose a common evaluation model; 2) The system function reorganization strategy is a probabilistic event, Moreover, reorganization at different times has different impacts on system reliability, and it is difficult to evaluate it.

发明内容Contents of the invention

本发明的目的是为了解决一种功能可重组系统的可靠性评估问题，提出一种功能可重组系统的可靠性建模分析，进而对功能可重组系统的重组策略进行评估。The object of the present invention is to solve the reliability evaluation problem of a function reconfigurable system, propose a reliability modeling analysis of the function recombination system, and then evaluate the recombination strategy of the function recombination system.

本发明对功能重组策略建模评估做出如下假设：The present invention makes the following assumptions on the modeling evaluation of the functional reorganization strategy:

假设功能可重组系统中设备承担的功能是独立的。在功能可重组系统功能重组前后，每个设备提供无差别的功能服务。首先将功能可重组系统以功能独立为准则进行划分。为便于描述，假设功能可重组系统有n个设备各自承担对应的功能如果某个设备发生故障，则n-1个设备功能重组，执行的功能分别记为且此时能够完成既定任务。依次类推，如果l个设备发生故障，n-l个设备功能重组，执行的功能分别记为且此时能够完成既定任务，但是l+1个设备发生故障时，该功能可重组系统无法进行功能重组完成既定任务，此时功能可重组系统失效。本发明中称功能可重组系统在设备发生故障时仍能通过设备功能重组完成既定任务的概率为重组可靠度。It is assumed that the functions undertaken by the equipment in the functionally reconfigurable system are independent. Before and after the functional reorganization of the functional reconfigurable system, each device provides the same functional service. Firstly, the function reconfigurable system is divided according to the criterion of function independence. For the convenience of description, it is assumed that there are n devices in the function reconfigurable system, each of which undertakes the corresponding functions If a certain device breaks down, the functions of n-1 devices will be reorganized, and the functions performed are respectively recorded as And at this time, the established tasks can be completed. By analogy, if l equipment fails, nl equipment functions are reorganized, and the executed functions are respectively recorded as And at this time, the set task can be completed, but when 1+1 devices fail, the functional reconfigurable system cannot perform functional reorganization to complete the set task, and the functional reconfigurable system fails at this time. In the present invention, the probability that a functionally reconfigurable system can still complete a predetermined task through equipment function reorganization when a device fails is called the recombination reliability.

本发明提供的一种功能重组策略的可靠性评估方法，不失一般性，考虑l＝1的情况，l>1可以迭代分析。当l＝1时，也即要求仍能保持正常工作的概率。由于功能重组保证了原来功能均需要执行，因而存在指定功能k_i和k_j，i≠j，一旦功能可重组系统的某个设备在t时刻失效时，这两个功能合并成一个功能且由功能k_i或功能k_j对应的设备执行，而其余n-2个设备执行中剩下的功能。因而，影响功能可重组系统功能重组后可靠性模型的失效存在两种情况：The method for evaluating the reliability of a function recombination strategy provided by the present invention does not lose generality, considering the case of l=1, l>1 can be analyzed iteratively. When l=1, that is to say Probability of still maintaining normal operation. Due to functional reorganization the original Both functions need to be executed, so there are specified functions k _i and k _j , i≠j, once a device in the functional reconfigurable system fails at time t, these two functions are combined into one function And it is executed by the device corresponding to function k _i or function k _j , while the remaining n-2 devices execute the rest of the functions. Therefore, there are two situations that affect the failure of the reliability model after the functional reorganization of the functional reconfigurable system:

第一种情况为失效的设备承担功能k_i或功能k_j；In the first case, the failed equipment assumes function k _i or function k _j ;

则此时的概率P₁为：Then the probability P ₁ at this time is:

${P P}_{11} = = {C C}_{22}^{11} {R R}^{n no - - 22} ((t t)) {&Integral; &Integral;}_{00}^{t t} f f ((x x)) R R ((x x)) {R R}^{' '} ((t t - - x x)) d d x x - - - - - - ((11))$

其中假定了所有设备的可靠度函数相同，均为R(·)，对应的失效密度函数为f(·)。功能重组后的承担多项功能的设备的可靠度函数为R'(·)，t为任务时间。It is assumed that the reliability functions of all equipment are the same, R(·), and the corresponding failure density function is f(·). The reliability function of the equipment undertaking multiple functions after function reorganization is R'(·), and t is the task time.

第二种情况为失效的设备不承担功能k_i也不承担功能k_j；The second case is that the failed equipment does not assume the function k _i nor the function k _j ;

则此时的概率P₂为：Then the probability P2 at this time is _:

${P P}_{22} = = {C C}_{n no - - 22}^{11} {R R}^{n no - - 33} ((t t)) {&Integral; &Integral;}_{00}^{t t} f f ((x x)) {R R}^{22} ((x x)) {R R}^{' '} ((t t - - x x)) R R ((t t - - x x)) d d x x - - - - - - ((22))$

下面分析重组可靠度。假定事件A为功能可重组系统能够完成既定任务，假定事件B为功能可重组系统发生功能重组，也即功能可重组系统中有设备故障。因而重组可靠度R_S(t)可表示为：The reliability of recombination is analyzed below. It is assumed that event A is that the functionally reconfigurable system can complete the predetermined task, and event B is that the functionally reconfigurable system has functional reorganization, that is, there is an equipment failure in the functionally reconfigurable system. Therefore, the recombination reliability R _S (t) can be expressed as:

${R R}_{S S} ((t t)) = = P P ((A A | | B B)) = = \frac{P P ((A A \cap \cap B B))}{P P ((B B))} - - - - - - ((33))$

其中P(A|B)为在事件B发生的情况下事件A发生的概率、P(A∩B)是事件A和事情B同时发生的概率。Where P(A|B) is the probability that event A occurs when event B occurs, and P(A∩B) is the probability that event A and event B occur at the same time.

由式(1)和式(2)的定义可知，From the definition of formula (1) and formula (2), we can know that

P(A∩B)＝P₁+P₂ (4)P(A∩B)＝P ₁ +P ₂ (4)

而重组发生概率P(B)＝1-Rⁿ(t)，Rⁿ(t)为t时刻n个设备正常工作的概率。从而根据式(3)可得：The recombination occurrence probability P(B)=1−R ⁿ (t), where R ⁿ (t) is the probability that n devices work normally at time t. So according to formula (3), we can get:

$\begin{matrix} {R R}_{S S} ((t t)) = = \frac{P P ((A A \cap \cap B B))}{P P ((B B))} = = \frac{{P P}_{11} + + {P P}_{22}}{P P ((B B))} \\ = = \frac{{C C}_{22}^{11} {R R}^{n no - - 22} ((t t)) {&Integral; &Integral;}_{00}^{t t} f f ((x x)) R R ((x x)) {R R}^{' '} ((t t - - x x)) d d x x + + {C C}_{n no - - 22}^{11} {R R}^{n no - - 33} ((t t)) {&Integral; &Integral;}_{00}^{t t} f f ((x x)) {R R}^{22} ((x x)) {R R}^{' '} ((t t - - x x)) R R ((t t - - x x)) d d x x}{11 - - {R R}^{n no} ((t t))} \end{matrix} - - - - - - ((55))$

本发明提供的一种功能重组策略的可靠性评估方法，其优点在于：The method for evaluating the reliability of a function recombination strategy provided by the present invention has the advantages of:

(1)本发明从功能独立的角度对功能可重组系统进行划分，通过功能的可靠度代替具体系统的可靠性评估，能够有效地解决系统的功能重组策略与系统本身紧密相关的问题，抽象出一个共性的评估模型。(1) The present invention divides the function reconfigurable system from the perspective of function independence, replaces the reliability evaluation of the specific system by the reliability of the function, can effectively solve the problem that the function reorganization strategy of the system is closely related to the system itself, and abstracts A generic evaluation model.

(2)本发明对功能重组系统的可靠性建模分析，能够有效地解决系统的功能重组在不同时间重组对系统可靠性有不同的影响问题，便于对功能重组系统进行可靠性评估。(2) The present invention analyzes the reliability modeling of the functional reorganization system, which can effectively solve the problem that the functional reorganization of the system has different influences on the system reliability at different times, and facilitates the reliability evaluation of the functional reorganization system.

(3)本发明能够为功能重组系统的重组策略进行对比分析，充分利用资源，提出更高可靠度的功能重组策略。(3) The present invention can perform comparative analysis on the reorganization strategies of the functional reorganization system, make full use of resources, and propose a more reliable functional reorganization strategy.

具体实施方式detailed description

下面将结合实施例对本发明做进一步详细说明。The present invention will be further described in detail below in conjunction with examples.

对于某飞机监控系统，按照功能独立的准则将该系统划分六个相同的监测设备，并假定这六个监测设备分别承担功能TB1、TB2、TB3、LG1、LG2、LG3。一旦某个监测设备发生故障，则让TB2和TB3加载在一个监测设备上，故障设备所执行的功能加载到TB2和TB3合并后闲置的那个监测设备上，也即一个设备故障之后，剩下五个设备执行功能TB1，TB2+TB3，LG1，LG2，LG3。For an aircraft monitoring system, the system is divided into six identical monitoring devices according to the principle of functional independence, and it is assumed that these six monitoring devices undertake functions TB1, TB2, TB3, LG1, LG2, LG3 respectively. Once a monitoring device fails, let TB2 and TB3 be loaded on one monitoring device, and the function performed by the faulty device is loaded on the idle monitoring device after TB2 and TB3 are merged, that is, after one device fails, the remaining five Each device performs functions TB1, TB2+TB3, LG1, LG2, LG3.

为便于说明，以下简记各个监测设备为其初始功能代号。如初始完成功能TB1的监测设备简记为TB1，以此类推，其余监测设备简记为TB2、TB3、LG1、LG2、LG3。For the convenience of explanation, the initial function codes of each monitoring equipment are abbreviated below. For example, the monitoring equipment that initially completes the function TB1 is abbreviated as TB1, and so on, and the remaining monitoring equipment is abbreviated as TB2, TB3, LG1, LG2, and LG3.

基于该系统的初始约定，在六个监测设备出现故障后能实现功能重组，即按照既定的机制能够保证其正常工作的方式有以下两种情况：Based on the initial agreement of the system, functional reorganization can be realized after the failure of the six monitoring devices, that is, there are two situations in which the normal operation can be guaranteed according to the established mechanism:

第一种情况：TB2和TB3其中之一故障；The first case: one of TB2 and TB3 fails;

当TB2和TB3其中之一故障，其余四个设备是好的。四个设备正常工作的概率为R⁴。TB2和TB3等价，不管哪一个设备故障其概率一样。下面以TB2为例来说明：When one of TB2 and TB3 fails, the remaining four devices are fine. The probability that the four devices work properly is R ⁴ . TB2 and TB3 are equivalent, regardless of which device has the same probability of failure. Let's take TB2 as an example to illustrate:

设系统规定运行时间为t(t＝8)，在0-t的任意时刻内TB2均有可能失效，且在TB2失效之前，TB3为正常工作，当TB2失效之后，TB3和TB2合二为一，此时合并后可靠度为R’(对于合并后的可靠度R’，我们假设R′(t)＝αR(t)，其中α为合并系数，R(t)为监测设备的可靠度函数)。则该系统在此种故障发生后能保持正常工作的概率为：Assuming that the running time of the system is t (t=8), TB2 may fail at any time from 0 to t, and before TB2 fails, TB3 is working normally, and after TB2 fails, TB3 and TB2 are combined into one , at this time the combined reliability is R' (for the combined reliability R', we assume R'(t)=αR(t), where α is the combination coefficient, and R(t) is the reliability function of the monitoring equipment ). Then the probability that the system can keep working normally after such a failure occurs is:

${P P}_{11} = = 22 \times \times \frac{{R R}^{44} ((t t)) {&Integral; &Integral;}_{00}^{t t} f f ((x x)) R R ((x x)) {R R}^{' '} ((t t - - x x)) d d x x}{11 - - {R R}^{66} ((t t))}$

R⁶(t)为在t时刻，六个设备正常工作的概率。R ⁶ (t) is the probability that the six devices work normally at time t.

第二种情况：TB1、LG1、LG2和LG3其中之一故障The second case: one of TB1, LG1, LG2 and LG3 fails

TB2和TB3正常工作，TB1、LG1、LG2和LG3之一故障，TB1、LG1、LG2和LG3等价，不管哪一个故障其概率一样。下面以TB1为例来说明：TB2 and TB3 work normally, one of TB1, LG1, LG2 and LG3 fails, TB1, LG1, LG2 and LG3 are equivalent, no matter which one fails, its probability is the same. Let's take TB1 as an example to illustrate:

在0-t的任意时刻内TB1均有可能失效，当TB1失效之前，TB2和TB3均正常工作，当TB1失效之后，TB2和TB3合并，合并后闲置的监测设备承担TB1的工作。则该系统在发生此种故障后能保持正常工作的概率为：TB1 may fail at any time from 0 to t. Before TB1 fails, both TB2 and TB3 work normally. After TB1 fails, TB2 and TB3 are merged, and the idle monitoring equipment after the merger undertakes the work of TB1. Then the probability that the system can keep working normally after such a failure occurs is:

${P P}_{22} ((t t)) = = 44 \times \times \frac{{R R}^{33} ((t t)) {&Integral; &Integral;}_{00}^{t t} f f ((x x)) R R {((x x))}^{22} R R ((t t - - x x)) {R R}^{' '} ((t t - - x x)) d d x x}{11 - - {R R}^{66} ((t t))}$

综上所述，对于该系统在某一设备发生故障后能够实现功能重组的概率为：To sum up, the probability that the system can achieve functional reorganization after a certain equipment fails is:

$R_{S} (t) = 2 \times \frac{R {(t)}^{4} {&Integral;}_{0}^{t} f (x) R (x) R^{'} (t - x) d x}{1 - R^{6} (t)} + 4 \times \frac{R^{3} {&Integral;}_{0}^{t} f (x) R {(x)}^{2} R (t - x) R^{'} (t - x) d x}{1 - R^{6} (t)}$ 。 $R_{S} (t) = 2 \times \frac{R {(t)}^{4} {&Integral;}_{0}^{t} f (x) R (x) R^{'} (t - x) d x}{1 - R^{6} (t)} + 4 \times \frac{R^{3} {&Integral;}_{0}^{t} f (x) R {(x)}^{2} R (t - x) R^{'} (t - x) d x}{1 - R^{6} (t)}$ .

Claims

1. the reliability estimation method of a function integrity strategy, it is characterised in that:

Assume that function can equipment undertakes in recombination system function be independent, function can before and after recombination system function integrity, Each equipment provides indiscriminate function services；First function can be divided with functional independence for criterion by recombination system；False If function can have n equipment each to undertake the function { k of correspondence by recombination system₁,k₂,…,k_n, if l device fails, N-l functions of the equipments restructuring, the function of execution is designated as respectivelyAnd now can complete assigned tasks, but l During+1 device fails, this function can cannot be carried out function integrity and complete assigned tasks by recombination system, and now function can weigh Group system lost efficacy；Function can remain to when device fails in recombination system recombinated assigned tasks by functions of the equipments Probability is restructuring reliability；

As l=1, namely requirementRemain to the probability keeping normally working, there is appointment function k_iAnd k_j, i ≠ J, i=1,2 ..., n, j=1,2 ..., n, can certain equipment of recombination system lose efficacy in t once function, the two merit A function can be merged intoAnd by function k_iOr function k_jCorresponding equipment performs, and remaining n-2 equipment performs { k₁, k₂,…,k_nRemaining function in }；Thus, affecting function the inefficacy of reliability model can exist two after recombination system function integrity The situation of kind:

The first situation is that the equipment lost efficacy undertakes function k_iOr function k_j；

Probability P the most now₁For:

P_{1} = C_{2}^{1} R^{n - 2} (t) {&Integral;}_{0}^{t} f (x) R (x) R^{'} (t - x) d x - - - (1)

Wherein it is assumed that the Reliability Function of all devices is identical, being R (), corresponding failure dense function is f ()；Merit Can restructuring after undertake multiple function equipment Reliability Function be R'(), t is task time；

The second situation is that the equipment lost efficacy does not undertakes function k_iThe most do not undertake function k_j；

Probability P the most now₂For:

P_{2} = C_{n - 2}^{1} R^{n - 3} (t) {&Integral;}_{0}^{t} f (x) R^{2} (x) R^{'} (t - x) R (t - x) d x - - - (2)

Assuming that event A is function can complete assigned tasks by recombination system, it is assumed that event B is that function can recombination system generation merit Can recombinate, namely function can have equipment failure in recombination system, thus restructuring reliability R is expressed as:

R = P (A | B) = \frac{P (A \cap B)}{P (B)} - - - (3)

Defined by formula (1) and formula (2) and know,

P (A ∩ B)=P₁+P₂ (4)

And probability of happening P (the B)=1-R that recombinatesⁿ(t), RⁿT () is the probability that t n equipment normally works, thus according to formula (3):

\begin{matrix} R_{S} (t) = \frac{P (A \cap B)}{P (B)} = \frac{P_{1} + P_{2}}{P (B)} \\ = \frac{C_{2}^{1} R^{n - 2} (t) {&Integral;}_{0}^{t} f (x) R (x) R^{'} (t - x) d x + C_{n - 2}^{1} R^{n - 3} (t) {&Integral;}_{0}^{t} f (x) R^{2} (x) R^{'} (t - x) R (t - x) d x}{1 - R^{n} (t)} \end{matrix} - - - (5) .