HUANG Cheng-geng(黄承赓), LI Yan-feng(李彦锋), LI Shu-ying(李姝颖), LI Hai-qing(李海庆)

School of Mechanical and Electronic Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China

Dynamic Fault Tree Analysis for Explosive Logic Network with Two-Input-One-Output

HUANG Cheng-geng(黄承赓), LI Yan-feng(李彦锋)*, LI Shu-ying(李姝颖), LI Hai-qing(李海庆)

SchoolofMechanicalandElectronicEngineering,UniversityofElectronicScienceandTechnologyofChina,Chengdu611731,China

The explosive logic network (ELN) with two-input-one-output was designed with three explosive logic gap null gates. The time window of the output of the ELN was given, after which the dynamic fault tree analysis was implemented. Two dynamic failure modes of the ELN were obtained, and then their own Markov transition processes were established. After that, the probability of failure was calculated from the corresponding state transition diagram. The reliability of the ELN which was in different length of time under the ambient incentive was then analyzed. Based on the above processing, the reliability of the ELN can be improved.

explosive;dynamicfaulttree;fuse;reliability

Introduction

The explosive logic network(ELN) was first proposed by Silvia[1]who designed the explosive logic null gates to achieve its functions. This network can achieve its explosive train control by input from detonation signal and is mainly composed of input, output, and basic logic null gates. The networks can precisely control direction of aiming warhead detonation wave, and can be widely used in the fuse safety control systems and related systems. It has also been widely used in a number of areas of strategic weapons, conventional weapons (such as missiles and torpedoes), and in aerospace. It is a new initiation technique, and plays a very important role in improving the national defense science and technology strength. ELN is an explosive system which combines both logic functions and computing function. It can be divided into “single output” ELN and “multi-output” ELN classified by the output. The most basic module in a single logical network is the ELN with two-input-one-output. It is a combination of elements, such as an explosive logic null gate, which has two inputs and one output. It will produce output only when the inputs detonate in a specific order and within a predetermined time window. This structure is part of a sequence of low energy-line explosion, which comes with their own insurance flame-proof functions.

Based on the mathematical theory of reliability about in-line explosive sequence insurance component[2], Ji and Jiao[3]conducted a study which was upon the specific single-output ELN and analyzed its safety reliability with the help of fault tree analysis. However, it did not deeply discuss about various events occurring in sequence by ambient excitation. In this paper, for the ELN with two-input-one-output under thermal shock conditions and electromagnetic interference, the safety and reliability of the ELN are studied by the use of dynamic fault tree analysis. Combined with the process of Markov transition, the probabilities of the ELN is analyzed, on condition that the insurance of the system fails. Finally, the reliability of the mathematical model based on dynamic fault tree is analyzed.

1 ELN with Two-Input-One-Output

1.1 Theory and structure

The ELN with two-input-one-output is mainly composed by an explosive logic null gate and a high precision detonator. The explosive logic null gate is a fundamental component of the explosive logic network. It can be classified into three categories, including an explosive logic gap null gate, an explosive logic corner null gate, and an explosive logic contact null gate. The explosive logic gap null gate has been chosen because of its high reliability. Its structure is shown in Fig.1. It can make use of the lengthways detonation wave to destroy the crosswise charge to achieve the function of switch. On the contrary, the detonation of the crosswise can’t spread into the lengthways trail. The diameter of the cannelure could be designed about 1 mm, and the size of the gap is around 0.7 mm[4]. It can realize the function of complex logic and the calculation. In this paper, the designed ELN with two-input-one-output consists of three explosive logic null gates and several straight detonation channels, as shown in Fig.1.

Fig.1 Explosive logic null gate

1.2 The time windows of the system

In the ELN shown in Fig.2, I represents its input, O represents the output, N represents the explosive logic null gate, C represents the corner. High precision detonator should be connected to the input. ELN will have output only when the inputs are in the specific order and in its time window. Otherwise, the system has not any output. Various working conditions are described as follows.

Fig.2 ELN with two-input-one-output

(1) If there is input I1, the detonation wave will propagate along the channel of I1N1to cut off null gate N1; moreover, the detonation wave will also propagate along the channel of I1C1C2N3to cut off null gate N3. There won’t be any output. The system can realize the insurance function in the case of misinput stimulated by environment.

(2) If there is only input I2, one detonation wave will propagate along the channel of I2N2to cut off null gate N2, and the other detonation wave will not propagate near null gate N2. The system also can realize the insurance function;

(3) Based on the analyses of the above two cases, when there are I2and I1in turn, the system ELN has not any output.

The effective output process is described as follows: firstly, there is I1causing propagation of detonation wave along the channel of I1N1, and it will cut off N1null gate; then the other detonation will propagate along route of I1C1C2N3, meanwhile, the detonation caused by I2input will propagate along I2C3N3into N3ahead of the detonation of propagation along I1C1C2N3; consequently, the ELN system will have an output. The specific logic relation is represented as:

O=I1∩I2.

(1)

The time windows are:

t1+t(I1N1)

(2)

t2+t(I2C3N3)

(3)

Supposing that

τ=t1-t2,

τ1=t(I1N1)-t(I2C2N3),

τ2=t(I1C1C2N3)-t(I2C2N3),

ifτstands for the time that I2lags behind I1and the time window meets the relation:τ1<τ<τ2, the system is supposed to have an output.

2 Assessment

2.1 A brief introduction to dynamic fault tree

Dynamic fault tree is the fault tree that contains at least one dynamic logic gate. Compared with traditional fault tree analysis methods, the dynamic fault tree covers the performance of dynamic systems and is related to the sequence of events. The analysis of dynamic fault tree cannot be simply represented by a combination of low events, and it needs to consider the sequence of low incident during the analysis. Therefore, a Markov model is introduced in the following fault tree analysis.

The logic gates of traditional fault tree mainly contain AND-gate, OR-gate, NON-gate,etc. To accurately show the dynamic conversion relationship, two key dynamic logic gates and their corresponding Markov chain are introduced in this paper.

2.1.1 Priority AND-gate

In the dynamic fault tree, the priority AND-gate is logically consistent with the AND-gate. However, the priority AND-gate is that the input events must occur in the specified order. As shown in Fig.3, if events A and B both occurred, and A occurred before B, there is an output, that is to say the system is operational; otherwise the system is in the state of failure. Figure 3 shows the result of its conversion to Markov chain.

In Figs.3 and 4, A, B, and C denote the lower events respectively, the abbreviation of Fa and Op indicate the failure state and the operational state. Moreover, in the left part of the Fig.4, S, E, and Q mean the sequences of the lower event.

Fig.3 Priority AND-gate and it’s Markov transition diagram

2.1.2 The sequence-enforcing gate

The sequence-enforceing gate will have an output only if the lower events occurred from left to right in the order, otherwise there is no output. Figure 4 indicates the sequence-enforcing gate and the right part of Fig.4 shows the result which it converts to the Markov transition.

Fig.4 Sequence-enforcing gate and its Markov transition diagram

2.2 Dynamic analysis of the system

Based on the structure and the theory of the two-input-one-output ELN and the determination of the top event in the fault tree analysis, the top event can be identified as the error output of the system. According to the principle from the top to the bottom, the bottom event can be confirmed as well as the failure mode of the system. The dynamic fault tree is shown in Fig.5.

Fig.5 Dynamic fault tree of the system

In the dynamic fault tree, events A and B are assumed to be the first and the second insurance safety failures. SupposeX02andX03are the second and the third null gate failures,X1andX2are the first and the second input safety failures.

2.3 Markov state transition process of the system

In the process of handling, storage, and usage, the ammunition in each stage has certain environmental incentives such as force impact, thermal shock, and electromagnetic interference. In order to simplify the analysis, the probability distribution is assumed the same as they appear. In these cases of the environmental incentives, the state of various parts of the fuse might fail, or be normal. According to the analysis of Wang and Yang[5]on the fuse safety system and ELN, we can know the conversion process is a Markov process, and its failure distribution is exponential distribution with no after effect characteristics.

Supposing that the system is in safe stateS0att, due to the ambient incentives, the failure process of the system is the Markov transition process. Further assuming that the failure rates of the second and the third null gate areλN2andλN3, respectively, the failure rates of input I1and I2areλ1andλ2. The Markov state transition probability graphs of the A-case insurance failure and the B-case insurance failure have been given in Figs.6 and 7. In the diagram,SN2andSN3stand for the failure states of the second and the third null gates, respectively.SN3I1is the state of error explosion of I1after the third null gate’s failure,S1is the safety failure of the system, andS2is the safety failure in the case of wrong sequence of each failure mode.

Fig.6 State transition diagram of A-case insurance failure

Fig.7 State transition diagram of B-case insurance failure

2.4 Quantitative analysis of the Markov transition process

According to Silvia’s work[6], the failure rate of the null gate is 10-3. When the entire system is under the environment incentives, based on the results provided in Ref. [3] , the value of the detonator’s failure rate is 3×10-4. When the system is in the suitable incentives including the appropriate storage temperature, external pressure, and the electromagnetic radiation field conditions, the value of the failure rate of each component is 0. In the following part, the system works in a complex environment where particular force impacts, thermal shocks, and electromagnetic interference occasionally take place.

Based on the quantitative analysis step of the Markov chain of the dynamic fault tree, the state of the system is defined, and then the random process needs to be defined. The corresponding state transition diagram is drawn and then its transfer rate matrix is written. Finally, the results from solution of the differential equation are obtained. In this paper, the first three steps are elaborated. The approach proposed by Gao[7]was used to simplify the analysis process. Markov chain state transition of different lengths is discussed in detail. Then the top event’s probability of occurrence which is also the failure probability of the system is obtained, as shown in Eq. (4).

(4)

wherenis the length of Markov transition chain,λr, r+1is the value of the state transition probability, namely, the failure rate of the corresponding component, andλk, k+1has the similar meaning. Using the dynamic fault tree analysis method, the failure modes of the ELN system can be obtained, which are shown as follows:

Fromthetwofailuremodesmentionedabove,weonlyneedtocalculatethespecificfailureprobability.Thetopevent’sfailureprobabilityisthesumoftwofailureprobabilities.Accordingtothesimplifiedexponentialdistribution,theinsurancesafetyfailureofeventBiscalculated.Theparametersneededinthisequationarelistedasfollows:

λ01=λN2=10-3,λ12=λ2=3×10-4,λ23=0.

Supposethatthevaluesoftimeare10, 100,and1 000h.SettingthelengthofMarkovtransitionchainisequalto2,andthecorrespondingresultsareshowedinTable1.

Table 1 B-case insurance failure probability

t/h101001000PB(t)1.8909×10-51.4×10-39.941×10-2

However, there is a special case for that whenλ12=λ23, the denominator of the formula is 0. To make the results reasonable, the following parameters are set:

λ01=λN3=10-3, λ12=λ1=3×10-4,

λ23=λ2=4×10-4,λ34=0.

Setting the length of Markov transition chain is equal to 3, and the results are shown in Table 2.

Table 2 A-case insurance failure probability

t/h101001000PA(t)2.9902×10-43.0937×10-41.35×10-2

The failure probability of the system isPsys(t)=PA(t)+PB(t). The system’s reliability function isRsys(t)=1-Psys(t). The reliability of this two-input-one-output explosive logic network under the ambient incentives were calculated and shown in Table 3.

Table 3 Reliability of the ELN system

t/h101001000Rsys(t)0.99970.99830.8871

With the above results, it can be found that no matter in the A-case insurance or the B-case insurance, the failure probability of the ELN is very low under the external environment incentive effect continuously in 10 h. However in the case of 100 h, the insurance probability of failure of B-case is five times as that of A-case. Therefore, the system failure is mainly caused by the B-case insurance failure. Most significantly, in the case of 1000 h, the insurance probability of B-case is 7.4 times as that of A-case. To improve the system reliability, we should focus on the reliability of the B-case insurance. The particular method of improving the reliability of the two-input-one-output explosive logic network is to use a special processing method to prevent the second detonator explode unexpectedly. It is also dispensable to improve the reliability of the second null gate.

3 Conclusions

In this paper, the explosive logic gap null gates and several lengths of straight line cannelure are used to design the two-input-one-output ELN, and the corresponding basic time window is derived. On the basis of the original analysis of the static fault tree, the ELN with two-input-one-output’s dynamic characteristics is analyzed and then a dynamic fault tree model is established. Then, two dynamic failure modes are obtained. The failure process of system is converted into a Markov process, and a detailed analysis of each failure mode’s Markov characteristics are carried out. Finally, the specific probabilities of failure under continuous external environmental effects in different length time with each failure model are shown. The probability of failure of the top event and reliability of its system are also obtained. The results obtained by using the method proposed in this paper are consistent with results given in Ref. [3]. Furthermore, compared with the results in Ref. [3], the proposed method improves the dynamic characteristics. A number of characteristics of system reliability are also analyzed and some improvement methods for the safety and reliability of ELN with two-input-one-output are discussed.

[1] Silvia D A. Explosive Circuits: US, 3728965[P]. 1973.

[2] Silvia D A. The Worst-Case Mathematical Theory of Safe-Arming[R]. Army Ballistic Research Lab Aberdeen Proving Ground MD, 1984.

[3] Ji L G, Jiao Q J. Single Output Explosive Logic Network Safety Reliability Research[J].JournalofBeijingInstituteofTechnology, 1997, 17(4): 444-450. (in Chinese)

[4] Wen Y Q, Lu B, Jiao Q J. The Design of Improving Gap Null Gate and Its Reliability Study[J].Initiators&Pyrotechnics, 2001(4): 6-8. (in Chinese)

[5] Wang J B, Yang F. Application of Markov Theory in Safety and Reliability Analysis for the Explosive Logic Network[J] .Initiators&Pyrotechnics, 1998(4): 18-21. (in Chinese)

[6] Silvia D A. Explosive Logic Safing Device: US, 4412493[P]. 1983.

[7] Gao S C. Methods and Implementation of Dynamic Fault Tree Analysis[D]. Hunan: Graduate School of National University of Defense Technology, 2005. (in Chinese)

Foundation item: National Natural Science Foundation of China (No. U1330130)

TJ430.33 Document code: A

1672-5220(2015)01-0140-04

Received date: 2014- 08- 08

*Correspondence should be addressed to LI Yan-feng, E-mail: yanfengli@uestc.edu.cn