Information Technology Reference
In-Depth Information
a method should also be rather comprehensive and undemanding in the terms
of computational power [4], [5]. Markov chains meet all these requirements.
Paper is focused on problems that arise when an impact of a recovery
on the SIL is quantitatively analysed. There have already been attempts to
quantify the impacts of the recovery on the safety of the system [2], based on
either numerical solving methods or ones that derived a closed-form equations
valid under rather restrictive assumptions. Presented solution of those prob-
lems is based on a convenient combination of the Continuous Time Markov
Chains (CTMC) and the Discrete Time Markov Chains (DTMC).
2
Theoretical basis
Principals of the Markov model of the impacts of a recovery on the SIL are
shown in the Fig. 1. Creation of the Markov model can be divided into two
phases.
Fig. 1. Important states of a control system in SIL analysis
Identification of stochastic events and their outcomes (hardware failures
and failure modes for instance) is the first phase of a Markov analysis. Iden-
tified events have in common that their occurrence makes the system change
its state from the initial state F (failure free, safe state), to several degraded,
but still operating and safe states. System eventually ends in an absorbing
state. One absorbing state in the model, the hazardous state H, is always nec-
essary. Optionally, there can be two absorbing states in the Markov model in
safety analysis; the other one would be the safe state S (that is reached after
a detection and negation of a detectable failure that occurred in the system).
If the time instants of events occurring in the system are an exponentially
distributed random variable, then Markov chain describing such a system
is referred to as homogenous CTMC. Transition rates of the homogenous
CTMC are constant, which means that such a model is invariant in shifts in
time (an analogy to the exponential distribution).
P
(
t<T
≤
t
+
t
0
|
T>t
)=
P
(
T
≤
t
0
)
(2)
