Abstract

When deciding whether to accept into service a new safety-critical system, or choosing between alternative systems, uncertainty about the parameters that affect future failure probability may be a major problem. This uncertainty can be extreme if there is the possibility of unknown design errors (e.g. in software), or wide variation between nominally equivalent components. We study the effect of parameter uncertainty on future reliability (survival probability), for systems required to have low risk of even only one failure or accident over the long term (e.g. their whole operational lifetime) and characterised by a single reliability parameter (e.g. probability of failure per demand – pfd). A complete mathematical treatment requires stating a probability distribution for any parameter with uncertain value. This is hard, so calculations are often performed using point estimates, like the expected value. We investigate conditions under which such simplified descriptions yield reliability values that are sure to be pessimistic (or optimistic) bounds for a prediction based on the true distribution. Two important observations are (i) using the expected value of the reliability parameter as its true value guarantees a pessimistic estimate of reliability, a useful property in most safety-related decisions; (ii) with a given expected pfd, broader distributions (in a formally defined meaning of “broader”), that is, systems that are a priori “less predictable”, lower the risk of failures or accidents. Result (i) justifies the simplification of using a mean in reliability modelling; we discuss within which scope this justification applies, and explore related scenarios, e.g. how things improve if we can test the system before operation.
Result (ii) not only offers more flexible ways of bounding reliability predictions, but also has important, often counter-intuitive implications for decision making in various areas, like selection of components, project management, and product acceptance or licensing. For instance, in regulatory decision making dilemmas may arise in which the goal of minimising risk runs counter to other commonly held priorities, like predictability of risk; in safety assessment using expert opinion, the commonly recognised risk of experts being “overconfident” may be less dangerous than their being underconfident.

Highlights

  • Predictions of reliability and safety through probabilistic modelling depend on the values of model parameters, e.g. component failure rates, which are often uncertain. The main application scenario that motivates our research involves decisions on accepting a software product for use in a safety critical application requiring low accident probability over the operational life of the system in which it is embedded.

  • When evaluating a system with given mean pfd, if we define a “bounding pfd distribution” for the reliability parameter, according to the “broader distribution” relation and associated partial ordering of Section 5.2, we obtain a numerical bound on the reliability function;

  • We have proved useful results for the many situations in which there is reasonable confidence about the expected value of a reliability parameter, but not about its distribution:

Summary

Introduction

Predictions of reliability and safety through probabilistic modelling depend on the values of model parameters, e.g. component failure rates, which are often uncertain. We must predict S’s probability of surviving t future discrete, independent demands – its reliability R(t) in discrete time – with t an upper bound on the lifetime number of demands, if accident-free.¹ This would be straightforward except for uncertainty about the pfd value [3], arising e.g. because pfd is:

  • Guessed using indirect evidence, as e.g. often done for pfds due to software design faults.

This uncertainty can in theory be rigorously described by a subjective probability distribution for the value of each parameter. The practical approaches, e.g. in the nuclear industry [13, 15], are essentially of two kinds: qualitative criteria for accepting evidence (e.g., requiring that parameter values be derived from evidence that is more clearly pertinent to the specific plant, the more critical the parameters in question are) and numerical methods for performing either sensitivity analysis or calculations taking into account the complete probability distributions that describe uncertainty on the parameters.
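The following Python script is an added illustration of the single-parameter model described in the abstract and introduction; it is not code from the paper. It compares R(t) computed from the mean pfd (result (i)) with R(t) = E[(1 - pfd)^t] under two constructed pfd distributions with the same mean, where "broader" is modelled as a mean-preserving spread, which is an assumption about how to read the paper's ordering (result (ii)).

```python
from fractions import Fraction as F

# Model used throughout: a system with probability of failure per demand pfd
# survives t independent demands with probability (1 - pfd)**t. Exact rational
# arithmetic keeps the comparisons free of rounding effects.

def reliability_point(pfd, t):
    """R(t) when the pfd is treated as a known constant, e.g. its expected value."""
    return (1 - pfd) ** t

def reliability_bayes(dist, t):
    """R(t) = E[(1 - pfd)**t] for a discrete pfd distribution {value: probability}.
    Since (1 - p)**t is convex in p for t >= 2, Jensen's inequality gives
    E[(1 - pfd)**t] >= (1 - E[pfd])**t: the mean-pfd estimate is pessimistic."""
    if sum(dist.values()) != 1:
        raise ValueError("probabilities must sum to 1")
    return sum(prob * (1 - p) ** t for p, prob in dist.items())

def mean_pfd(dist):
    """Expected value of the pfd under the distribution."""
    return sum(p * prob for p, prob in dist.items())

def mean_preserving_spread(dist, p, delta):
    """Move the mass at pfd value p to p - delta and p + delta in equal halves.
    The mean is unchanged; the result is 'broader' in the mean-preserving-spread
    sense (an assumption standing in for the paper's partial ordering)."""
    if p not in dist or p - delta < 0 or p + delta > 1:
        raise ValueError("spread must keep pfd values within [0, 1]")
    new = dict(dist)
    mass = new.pop(p)
    for q in (p - delta, p + delta):
        new[q] = new.get(q, F(0)) + mass / 2
    return new

# Constructed toy beliefs: an assessor is confident only that E[pfd] = 1/500.
NARROW = {F(1, 1000): F(1, 2), F(3, 1000): F(1, 2)}
BROAD = mean_preserving_spread(NARROW, F(3, 1000), F(1, 1000))
LIFETIME_DEMANDS = 1000  # constructed upper bound on demands over the operational life

def compare(t=LIFETIME_DEMANDS):
    """Return (R(t) from the mean pfd, R(t) under NARROW, R(t) under BROAD)."""
    m = mean_pfd(NARROW)
    return reliability_point(m, t), reliability_bayes(NARROW, t), reliability_bayes(BROAD, t)

if __name__ == "__main__":
    r_point, r_narrow, r_broad = compare()
    print(f"mean-pfd point estimate R(t) = {float(r_point):.4f}")
    print(f"narrow distribution     R(t) = {float(r_narrow):.4f}")
    print(f"broader distribution    R(t) = {float(r_broad):.4f}")
```

With these inputs the point estimate is the lowest value and the broader distribution gives the highest reliability, matching results (i) and (ii); at t = 1 the three coincide, since the function is linear in pfd there.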

The inevitable uncertainty on the pfd
Bayesian approach: using a pfd distribution
Errors in reliability prediction - probability of surviving t demands
Practical Implications of the Bounds on Reliability: conservatism
Errors from using mean pfd for ranking alternatives
Reliability in continuous time
Inference from failure-free operation or acceptance tests
Effects of acceptance testing on improving systems
Resumption of operation after failure: predicting the number of failures
When does a “broader” distribution of the pfd imply higher reliability?
Partial Ordering among distributions
Posterior reliability after observing failure-free operation
Generalisations and limits: multiple components or parameters
Sufficient conditions for the pessimistic bound to apply
Series system with independently failing components
Other multi-parameter reliability functions
Discussion
Implication of the “mean implies pessimism” result for system assessment
Expert elicitation and calibration
Implications for system acceptance criteria
General decision making criteria in the presence of epistemic uncertainty
Decision making heuristics
Conclusions