Until recently, Markov models and analytical methods were fairly obscure mathematical techniques rarely applied outside of academic settings. The advent of functional safety standards, particularly IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems) has changed that; it brings Markov to the fore in the testing for functional safety, which requires the analysis of disparate failure modes from a safety perspective.
Markov modeling is named after the Russian mathematician Andrei Markov, professor at St. Petersburg University at the turn of the 19th century. Markov is known for his study of Markov chains: sequences of random variables in which the future variable is determined by the present one, but independently of how the present one developed from its predecessors. This work was the origin of the theory of stochastic processes that predict a set of possible outcomes weighted by their possibilities.
There are four types of Markov Models that are used in functional safety applications: Continuous State/Continuous Time, Continuous State/Discrete Time, Discrete State/Continuous Time, and Discrete State /Discrete Time. Of these four types, the first two are used more in applications such as co-occurrence trend analysis and computer generated imagery (CGI), while the latter two are found more frequently in the field of reliability engineering. The latter two tend to be applied more analytically and numerically, respectively.
“Markov can model probabilistic properties of a system, so you can definitely use it for reliability or maintainability analysis,” says Thomas Maier, principal engineer at UL. “It has become an important tool for functional safety certification.”
How Markov Applies
From a functional safety perspective, when considering a redundant two-unit system, there are two possible states for each unit: pass or fail. So in total there are four possible states: both pass, both fail, “A” passes and “B” fails, and “A” fails and “B” passes.
“The Markov model focuses on state transitions,” Maier explains. “You have states and go from one to the other; the transition occurs when some event or condition becomes true.” A Markov model does more than describe the events of transitions or conditions; it also specifies the probabilities that apply to those events. In fact, the events or positions between states are probabilities. There is a certain probability that something will fail. If that happens, the system moves into another state: the failed state.
“In functional safety, this is really the same issue as reliability,” says Maier. “What we need in the end is an overall failure rate, an overall probability that the system will be in a certain state. So for functional safety what really matters is the state in which both units have failed. If each unit represents one channel, and the system is a redundant dual channel system, it is crucial from a functional safety point of view that at least one of those channels works.”
If one’s interest were about a functionality other than safety—say, maintenance—the other states would be of greater interest; but, from a purely functional safety point of view, the interest lies in the dangerous failure rate (i.e., the probability of failure per hour or probability of failure on demand). The Markov model will yield the dangerous failure rate.
When Markov Applies
There is no functional safety standard that explicitly requires Markov; it is one of several recommended methods that include classic reliability calculation methods such as block diagrams and fault tree analysis. In a simple dual channel system, a component can enter a failed state but cannot return to the passing state once the failed state has been entered, either because no repair is possible or because there is no detection capability that can tell whether a component has reentered the passing state.
“But often you have some detection in the system that can tell when one of the two channels has failed and when either of the channels returns to the passing state,” notes Maier. “For these more complex systems, you have both a detection rate and a failure rate. For modeling this more complex type of system, the Markov model is better than other methods.”
Today’s software tools make computationally complex Markov analyses easier to perform than in the past, and a number of commercial tools have been developed to make it simple to model complex systems. With these commercial tools, one simply draws the state transition model, and the software will perform all the calculations. “If you understand a bit of the math behind Markov, you can easily make your own Excel application to do Markov calculations,” says Maier.
The principal benefit of Markov is that it is the most flexible method. Functional safety standards, especially those derived from IEC 61508, require a quantitative estimate of safety. This means probabilistic calculations. Markov is the method best suited to model the diagnostics and other aspects of modern safety-related systems.
How UL Advisory Services Can Help
UL Advisory Services can assist companies in determining when and how to use Markov modeling correctly, and when a simpler analytical method would be adequate.
They can assist your organization with understanding and using the commercial analytical tools used in the application of Markov models, as well as with understanding the basic mathematics of this modeling and how things are connected from a mathematical point of view. For those who make their own Excel applications for Markov, Advisory Services can evaluate and validate those applications.
All functional safety standards (e.g., IEC 61508, IEC 61800-5-2, ISO 13849, IEC 62061, etc.) require some type of quantitative analysis, and there are multiple paths to consider. UL Advisory Services help you find the right path in the most economical manner. For more information on the use of Markov models, or for more information on how UL can help your company with functional safety issues, please contact:
Kevin Connelly
631-546-2691
[email protected]
Or visit us on the web at: www.ul.com/functionalsafety.
