
Dependability

Vol 16, No 3 (2016)
https://doi.org/10.21683/1729-2646-2016-16-3

STRUCTURAL RELIABILITY. THE THEORY AND PRACTICE

Pages 3-7
Abstract
Purpose. This article describes the issues of planning the testing scope for highly reliable objects. The development and manufacture of new samples of equipment is accompanied by the task of defining their reliability characteristics, since the above mentioned characteristics must be specified in certificates and technical descriptions of the products supplied to the market. The most objective way to define the reliability characteristics of products is a field test. But in the manufacture of complex expensive objects there is no opportunity to submit a batch with a large number of finished products for testing. Thus there is a task to define the duration of field testing and the number of products to be tested, provided there are requirements for the accuracy of the estimates of the objects’ reliability characteristics obtained as the result of testing. Planning of the scope is based on the manufacturer's need to confirm the value of the lower bound of the probability of reliable operation with a predefined confidence level. Two tasks are solved in this work. The first task is to define the scope of testing of a batch of finished products N0 for a time moment t0, for which the customer’s requirement for achieving the lower bound of the probability of reliable operation, specified with a confidence probability 1 - α, would be fulfilled. This task is solved using a non-parametric approach. The second task is to define the required test scope Nt1 of equipment of this type for a time moment different from the moment of the first studies, t1 ≠ t0. Here one solves the question: how are Nt0 and Nt1 related? The test scope Nt1 is defined by determining the confidence levels that provide the same accuracy of indices as at point t0. This task is solved with a semiparametric approach. 
When solving the second task, the parameterization of the mean time to failure distribution is used. Three types of distribution are studied: the exponential law, the Weibull distribution and a distribution with a linear failure rate function. The considered types of distribution laws help to study the behavior of objects with a decreasing, constant and increasing failure rate function. Methods. Formulas for the calculation of the test scope for different durations of a test-run are derived. The dependence of the scope on the duration of the test-run and on the real level of the probability of reliable operation is studied as well. Scope planning and the respective studies are carried out for different behavior models of the failure rate of the product. Conclusion. The obtained results give the basis for a well-reasoned approach to planning the scope of tests of highly reliable objects. The study results showed that the longer the test-run is, the fewer objects are required to be submitted for testing. The dependence is non-linear; it is specified by the parameterization of the failure rate function. An analogous dependence was also obtained for the probability of reliable operation: the higher the PRO is, the fewer objects are required to be tested.
Pages 8-17
Abstract
Purpose. To define quantitative estimates of the reliability indices of redundant radio electronic systems, the methods of reliability theory, analytical methods or simulation modeling are applied. This paper describes the application of these methods to systems of diverse complexity, as well as the complex of programs “Dialogue” developed for the calculation of reliability indices. Methods. The main obstacle to wide application of the simulation modeling method for obtaining reliability indices is the high labor intensity of creating these models. The current software tools are not very useful. This problem can be solved using the developed complex of programs “Dialogue”. This is achieved by creating the simulation model programs automatically on the basis of the input initial data. The time to create a model is determined by the time of the input. Generation of the simulation models is based on the principle that if the system’s behavior in case of failures is determined only by its structure, the connections between components, the failure criteria and the redundancy switches, i.e. when the system’s response to a failure of its component is uniquely defined in advance, then it is possible to create models with equal structures for systems with any configuration. This makes it possible to create the basis of the initial text of the model, common for all simulation models of this type. Such a basis forms a permanent part of the model, and the data which define the specifics of the failure behavior of the concrete system are set in the form of insertions into the main text. Results. The described complex of programs is intended to calculate the reliability indices of different technical systems using simulation models, and it consists of the program for the description of the system to be simulated “Dialogue-OS”, the program for model synthesis “Dialogue-Synthesis” and special sub-programs combined into a separate library. 
The complex helps to create specialized simulation models of redundant systems which undergo statistical tests, and based on the obtained results the reliability indices are defined. Using the complex “Dialogue” we can obtain the following reliability indices: 1) the probability of reliable operation for a predetermined period of time, 2) the failure rate at the end of a predetermined period of time, 3) the mean time to failure, 4) data to build a graph of the dependence of the probability of reliable operation on time, 5) data to build a graph of the dependence of the failure rate on time. Conclusion. This article provides the results of calculations carried out by theoretical methods and by the method of simulation modeling, which show good agreement (the relative error is not more than 1%). The complex “Dialogue” makes it possible to calculate the reliability indices of redundant radio-electronic systems of any complexity with accuracy sufficient for practice. It should be noted that the complex “Dialogue” allows for creating simulation models of reliability for redundant radio-electronic systems whose reliability characteristics cannot be calculated by theoretical methods due to their complexity.
Pages 18-22
Abstract
Purpose. Within the framework of this work the following purposes were set: study of the physical mechanisms of degradation of the performance of nanosized field-effect transistors caused by breaking of Si-H bonds; study of the possible influence of cosmic rays on the reliability of nanosized field-effect transistors; development of a model to forecast the reliability of nanosized field-effect transistors considering the possible influence of cosmic rays. To achieve the above listed purposes it was necessary to analyze: modern models used to forecast the reliability of nanosized field-effect transistors; data on the scope and intensity of the cosmic-ray flux depending on energy. Results and Conclusion. According to the results of the work, the most relevant physical model used to forecast reliability is the Bravais model, which considers the following mechanisms of degradation of the performance of nanosized field-effect transistors: - Single Vibration Excitation (SVE), when the breaking of the Si-H bond is initiated by one carrier with enough energy; - Electron-Electron Scattering (EES), when the breaking is initiated by a carrier which received some energy from another carrier as the result of collision ionization, and thereafter has enough energy to break the bond; - Multi Vibration Excitation (MVE), when the breaking of the Si-H bond is initiated by sequential bombardment of the bond by carriers whose energy is not enough to break the bond individually. It has been shown that cosmic-ray protons having high initial energy can penetrate through the structure of a field-effect transistor, losing a part of their initial energy through ionization losses, and reach the Si/SiO2 boundary. 
On reaching the boundary, protons may have energy sufficient to initiate the dissociation of Si-H bonds by two mechanisms: Single Vibration Excitation of Si-H by a proton (SVEp), when a single proton having enough energy for breaking the bond runs into a hydrogen atom and initiates the Si-H dissociation; and collision ionization, by analogy with the electron-electron scattering described in the Bravais model, in which case there may be Proton-Electron Scattering (PES). The Bravais model served as the basis for the development of the model to forecast the reliability of nanosized field-effect transistors that considers the possible influence of cosmic rays, and helps to give a more accurate forecast of the reliability of electronic devices based on nanosized field-effect transistors. This work reflects modern ideas on forecasting the reliability of nanosized field-effect transistors, describing the main physical mechanisms of degradation of their performance. This article shows that the reliability forecasting models developed for field-effect transistors with a long channel are not suited to modern nanosized devices due to differences in degradation mechanisms. Within the framework of this work it was shown that there is a probability of cosmic rays influencing degradation. As the result, a model was developed to forecast the reliability of nanosized field-effect transistors that shall consider such influence.
Pages 23-25
Abstract
Purpose is to propose and study a mathematical model for the optimization of maintenance of overhead devices, which considers the extent of recovery of service life. Methods. The analysis of this issue has produced a strategy and a mathematical model for the optimization of maintenance of the overhead system, as a kind of long-length object that may undergo preventive replacements and overhauls with minimal emergency repair in case of failures of the overhead system. Besides, the paper describes several particular cases of the general model when performing only preventive replacements, or only preventive overhauls. To take into account the extent of service life recovery when performing a preventive overhaul, we use a parameter which denotes the “age” of a long-length object and which is defined as the difference between its pre-repair service life and inter-repair service life, divided by the pre-repair service life. Results. For given values of the number of preventive overhauls and the extent of service life recovery, we obtained expressions defining the optimal frequency of preventive overhauls and replacements of the overhead system, as well as the optimal specific operating expenses. For given values of the frequency of preventive replacements and the extent of service life recovery, we obtained an expression defining the optimal number of preventive overhauls up to the replacement of the overhead system. Conclusion. To take into account the extent of service life recovery after overhaul, it is advisable to use the parameter which is defined as the difference between the pre-repair service life and the inter-repair service life, divided by the pre-repair service life of the overhead system. 
The proposed mathematical model for the optimization of maintenance makes it possible to define the optimal frequency of preventive overhauls and replacements of the overhead system, as well as the optimal number of overhauls over the operating life of the overhead system for a given extent of recovery of service life.

SURVIVABILITY. THE THEORY AND PRACTICE

Pages 26-34
Abstract

Purpose. The paper describes the main concepts and definitions, survivability indices, and methods used to estimate survivability in different external and internal conditions of application of technical systems, including the studies in the field of structural survivability obtained 30 years ago within the Soviet school of sciences. An attempt is made to overcome the differing understandings of technical survivability which have formed by now in a number of industrial directions - shipping, aviation, communication networks, energy systems and the defense industries. Besides, the problem is discussed in relation to establishing continuity between technical survivability and global system resilience. Technical survivability is understood in two basic meanings: a) as the property of a system to resist negative impacts; b) as the property of a system to recover its operability after a failure or accident caused by external reasons. This article also describes the relation between structural survivability, when the logic of system operability is binary and described by a logical function of operability, and functional survivability, when the system operation is described by a criterion of functional efficiency. In that case, a system failure is a fall in the level of its efficiency below a value predetermined in advance. Methods. The technical system is considered as a controlled cybernetic system equipped with specialized survivability aids (SA). Logical and probabilistic methods and results of the combinatorial theory of random placements are used in the analysis. It is supposed that: a) negative external impacts (N1) are occasional and single-shot (one impact affects one element); b) each element of the system has binary logic (operability - failure) and zero resistance, i.e. it is certainly affected by one impact. 
Henceforth this assumption is generalized for r-time N1 and L-resistant elements. Besides, the work describes the variants of non-point models when a part of the system or the entire system is exposed to a group specialized affection. This concerns the variants of combination of reliability and survivability, when both external and internal failures are analyzed. Results. Different variants of affection and functions of survivability of technical systems are reproduced. It has been found that these distributions are based on simple and generalized Morgan numbers, as well as Stirling numbers of the second kind, which can be reestablished on the basis of the simplest recurrence relations. If the assumptions of the mathematical model are generalized for the case when there are n r-time negative external impacts and L-resistant elements, the generalized Morgan numbers which participate in the estimate of the affection law are defined based on the theory of random placements, in the course of n-tuple differentiation of a generator polynomial. In this case it is not possible to establish a recurrence relation among the generalized Morgan numbers. It is shown that, under uniform assumptions for a survivability model (equally resistant elements of the system, equally probable negative external impacts), at the core of the relations for the function of system survivability, regardless of the affection law, there is a vector of structural redundancy F(u), where u is the number of affected elements and F(u) is the number of operable states of the technical system under u failures. Conclusion. Point survivability models are a perfect tool for performing an express analysis of structurally complex systems and obtaining approximate estimates of survivability functions. The simplest assumptions of structural survivability can be generalized for the case when the logic of system operability is not binary, but is specified by the level of system efficiency. 
In this case we should speak about functional survivability. The computational complexity PNP of the task of survivability estimation does not make it possible to solve it by the simplest enumeration of states of the technical system and variants of negative external impacts; it is necessary to look for ways to escape from blind enumeration, by transformation of the system operability function and its decomposition as well. The development and implementation of the survivability property in a technical system should be conducted with consideration of how this property is assured in biological and social systems.

PART 2. Multivariate calculations

This paper is the closing article to the first one [1] and it reproduces multivariate calculations by the procedure described in the references. The computational complexity of the task of survivability estimation and the ways to overcome this problem are discussed. We also deal with the passage from structural survivability to the tasks of functional survivability, establishing a conceptual link between technical survivability and mobilization resilience in the economy.

Pages 35-38
Abstract

Purpose. Today, the reliability of protection of mission critical objects and objects of increased risk is achieved by applying integrated safety systems, with the integration of subsystems based on control computers. Improving the survivability of special purpose computers is a critical task that could be solved using computers with the property of structural stability. The practical realization of such a computer is connected with the task of its functional diagnosis and subsequent functional adjustment. This article describes the process of functional diagnosis of a structurally stable control computer as a functional system, which is fundamentally different from the traditional checking of a personal computer performed by the known self-checking programs. Methods. To solve the task of functional diagnosis, the article offers a mathematical model of a test check that may become the basis of the functional diagnosis of a control computer. Besides, based on the proposed mathematical model, the possible outcomes of the test are analyzed. Results. Analysis of the proposed mathematical model defined the variants of how to minimize the risks of categories I and II, i.e. transferring faulty functions to the set of fault-free functions (customer's risk) and transferring fault-free functions to the set of faulty ones (producer's risk), which is achieved by using the diagnosis practice of “promotion” that is standard for computers. The point is to find an operable “core” - a set of basic functions that help to diagnose the remaining functions of the computer's command system. I.e. a “core” with any detected defect is not allowed to continue functioning, and a fault-free “core” can serve as a rather reliable means of checking. When using this practice, the norm of a single test does not guarantee there is no risk of category I, which explains the common practice of checking each function of the command system by a sufficient sequence of test checks, while the risk of category II does not grow. 
Conclusion. The proposed model of a functional diagnosis test check made it possible to form the strategy for constructing this process for a structurally stable control computer, namely to implement several particular tasks such as: to separate as a specific task the identification of an operable “core” as a probable cause of risk of category I, which serves as a source of risk of category II; to perform sequential diagnosis of the remaining part of the functions as in a computing environment with a developed property of slow degradation of functions; to optimize an extending sequence of test checks for each function, reducing the risk of category I, which inevitably leads to growth of the checking time that is scarce for a pre-staged self-check and is also aimed at adjustment to the current f-state; to proceed with testing in case of negative results using another software implementation to reduce the risk of category II; to develop a special procedure to substantiate the duration of testing of each function of control computers.

FUNCTIONAL SAFETY. THE THEORY AND PRACTICE

Pages 39-46
Abstract

Purpose is to develop a procedure for estimating the risks that occur as the result of a signal passed at danger (SPAD) by a shunting or train locomotive, as well as to develop recommendations for reducing the risks of train collisions when performing shunting movements at a station. Methods. In order to achieve the stated purpose, it is necessary to define the average number of points burst open by shunting locomotives without derailment, as well as the average number of derailments of shunting locomotives per year. The available statistics are used to calculate the average amount of damage from one collision, from a point burst open without subsequent derailment, and from a point burst open with subsequent derailment. To calculate the average damage resulting from a certain injury caused by a collision, different types of injuries are considered. Injuries are classified by the level of consequences, which are calculated in money terms using a minimum wage. To consider the variability in choosing a route, as well as to obtain the probability of a passenger train collision when passing through a station, the formula of total probability is used. To obtain the probability of at least one collision per year, the formula of multiplication of probabilities is used. To obtain the average number of points burst open and derailments, it is necessary to define the total number of points that are crossed by shunting locomotives at a station per point; the formula of multiplication of probabilities is used. To define the level of risk caused by the respective unfavorable event, it is necessary to construct risk matrices to determine whether there is a need for immediate actions to reduce the risk level. Results. We have studied the task of calculating unfavorable events caused by stop signal violation by a passenger train or a shunting locomotive. 
The article provides the formulas used to calculate the probability of at least one collision of a passenger train at a station per year, the average number of points burst open by a shunting locomotive without subsequent derailment, and the average number of derailments per year. It also contains the formulas used to calculate the average damage from unfavorable events. Risk matrices for all unfavorable events have been constructed. The article gives an example of the application of the obtained results which is based on hypothetical data, real data and expert analysis. Conclusion. Using the developed procedure we demonstrated its practical functionality. It was found that for the set of input data analyzed, no measures need to be taken to reduce the risks arising from points burst open and derailments at the station under consideration. At the same time the collision risk is in the orange area - the area of undesirable risks - and therefore measures for risk reduction should be taken. Yet the quantitative value of the risk arising from points burst open turns out to be higher than that of the collision risk. The reason is that in case of a collision JSC RZD bears additional reputational expenses, doubled by the fact that a derailment occurs at a station with large numbers of people.

FUNCTIONAL RELIABILITY. THE THEORY AND PRACTICE

Pages 47-53
Abstract


Purpose. This article proposes to focus on the genesis of the dependability of unique safety critical systems characterized by a low probability of failures, using the example of transformable structures of spacecraft, for which the mere possibility of failures can call into question the reasonability of their creation. It describes the stage of the life cycle of unique mission critical systems at which the measures taken to improve reliability are the most effective, and the stages at which it is already too late to take any measures at all. Methods. Neglecting the genesis of unique mission critical systems will inevitably lead to failures at the stage of operation, and these failures are caused by errors in design, engineering and modeling, as well as by various manufacturing deviations. In practice up to 80% of cases are predetermined before the start of operation - “at the drafting machine” and in the manufacturing departments, when something was not thought through, taken into account or controlled, resulting in an error or blunder. The reliability of future products depends on the quality of the decisions taken during development, which directly depend on the principles, rules and requirements used in design and engineering. These notions are interrelated and have a concrete meaning. Principles are used to develop design solutions. Rules are intermediaries between theory and practice; they often reflect gained experience that should be considered in new developments to avoid repeating errors. Reliability requirements at the engineering stage are formed as the result of applying goal-oriented procedures and analyses, and are established in graphic and text form in design documentation: in technical requirements and on a drawing, as well as in technical specifications. Satisfying these requirements is ultimately aimed at unquestionable performance by a product of its functional tasks with predetermined reliability. Results. 
The aspects described in the article separate the methods of reliability theory, which are based on probabilistic and statistical models, from the practical engineering methods aimed at the creation of reliable equipment. The field of reliability theory covers the study of the behavior of finished products, proceeding from information about mathematical models that consider stochastic parameters. Real objects in reliability theory are schematized into models described by probabilistic dependences and having a sample that can be used for statistical generalization. In practice though, engineers work with no statistics and no concept of the probabilistic behavior of a future product, and the collection of methods and algorithms of their work makes it possible to influence the reliability of real products. Conclusion. This paper shows that the stages of the life cycle of unique safety critical systems before the stage of operation are strictly differentiated by the efficiency of reliability measures. At each stage it is necessary to use certain reliability algorithms and methods that are specific to this particular stage, which may increase the effectiveness of solving the reliability tasks of unique safety critical systems.

STANDARDIZATION

Pages 54-58
Abstract

In 2015 the International Electrotechnical Commission adopted a new international standard, IEC 60050-192, that specifies the main terms in the field of dependability with their definitions. It was developed by IEC/TC 56 “Dependability” under the control of TC 1 “Terminology” and forms Part 192 of the International Electrotechnical Vocabulary. This standard replaced the previous similar standard IEC 60050-191 adopted in 1990. This article is dedicated to IEC 60050-192, acquaintance with which is required for all specialists in the field of dependability. The new standard is compared with the previous IEC 60050-191, and with the similar Russian GOST 27.002-89. In comparison with IEC 60050-191 the new standard has modified content and scope, with the exclusion of the sections containing terms related to the quality of services of telecommunication and electric power systems. Accordingly, IEC 60050-192 is entitled with just one word, “Dependability”. Therefore, it now fully corresponds to its status of a horizontal (i.e. inter-industrial, basic) standard. Terminology in the field of dependability is given with respect to a technical item, with analysis of the definitions of this notion, the probable structure of the item and the number of terms specifying the types of items. IEC 60050-192 gives a new definition for “dependability”: the ability of an item to perform as and when required. This definition was actively discussed, both among the IEC experts who took part in the standard development and among Russian specialists. The cluster of features of dependability has also changed: availability, reliability, recoverability, maintainability and maintenance support performance, and in some cases durability, safety and security. A new notion here is “recoverability”, defined as the ability of an item to recover from a failure without corrective maintenance. 
This paper describes the standard's sections dedicated to an item's states and time notions, failures and faults, maintenance and repair, dependability indices, testing, design or engineering, and analysis and improvement of dependability. It introduces and explains the most important terms, and specifies the new terms that were added to the standard and those excluded from it. The article draws attention to the fact that certain terms have no adequate Russian equivalents. Though the Russian and international dependability terminologies have much in common, there are still significant differences between them. This is explained by the fact that the standardization of dependability terminology in our country, which started half a century ago, developed for a long time in isolation from similar work world-wide. Due to such differences the creation of a new GOST harmonized with IEC 60050-192 is currently not possible. Nevertheless, it is necessary to seek the maximum possible convergence of the Russian and international terminologies.

REPORTS

Pages 59-62
Abstract

The continuous increase of traffic and traction loads causes an increase of loads on the power supply infrastructure that leads to the growth of levels of electromagnetic emission. This results in a growing probability of emergency functioning of the overhead system, because of which currents reach very high levels that may lead to serious accidents in the related circuits of signalling and remote control facilities. Such accidents often cause various failures affecting the quality and safety of railway traffic; they lead to equipment damage and may also be a cause of fire. The strongest contribution to the total number of accidents with cable lines is made by electromagnetic influence in the case of heavy train movement; as the result of such a train passing along lines with failed grounding, a cable is burnt through. The requirements for the EMC of infrastructure facilities are getting stricter, including the requirements for the reliability and information security of communication and signalling systems. Existing methods used to define induced currents and voltages do not take into account the loads that occur in today’s volume of traffic, and do not allow one to define the dependence on the grounding parameters of infrastructure facilities. The parameters of lateral facilities are not taken into account either. These facilities are located along the track over the whole length of the railways. Besides, the grounding parameters change in the course of heavy train movement in different areas. Thus it has become very important to simulate electromagnetic processes in multi-wire systems with consideration of the inherent and mutual parameters of lines, as well as ground parameters. But mathematical models of electromagnetic compatibility on railway transport, due to their complexity, do not always help to obtain the numerical values of induced currents and voltages in the communication and signalling circuits. 
This article describes an application method of simulation modeling that helps to define the levels of induced currents and voltages in the lateral lines of communication and signalling on sections of heavy train movement. The paper offers the procedure of simulation modeling, simulation results for a line of heavy train movement and an analysis of the impact of grounding parameters on induced voltages. The simulation results were compared with the experimental data and found to be consistent. The calculations made by the suggested procedure helped to reveal the key dependences of induced currents and voltages on ground parameters, as well as nonlinear dependences of the induced voltage on ground resistance, which forms the basis for further studies and correlation of the obtained data with the statistics accumulated during operation.



ISSN 1729-2646 (Print)
ISSN 2500-3909 (Online)